Vulnerability Details CVE-2024-58248
nopCommerce through 4.90.1 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.2%
CVSS Severity
CVSS v3 Score 3.5
References
Products affected by CVE-2024-58248
-
cpe:2.3:a:nopcommerce:nopcommerce:1.70
-
cpe:2.3:a:nopcommerce:nopcommerce:1.80
-
cpe:2.3:a:nopcommerce:nopcommerce:1.90
-
cpe:2.3:a:nopcommerce:nopcommerce:2.00
-
cpe:2.3:a:nopcommerce:nopcommerce:2.10
-
cpe:2.3:a:nopcommerce:nopcommerce:2.20
-
cpe:2.3:a:nopcommerce:nopcommerce:2.30
-
cpe:2.3:a:nopcommerce:nopcommerce:2.40
-
cpe:2.3:a:nopcommerce:nopcommerce:2.50
-
cpe:2.3:a:nopcommerce:nopcommerce:2.60
-
cpe:2.3:a:nopcommerce:nopcommerce:2.65
-
cpe:2.3:a:nopcommerce:nopcommerce:2.70
-
cpe:2.3:a:nopcommerce:nopcommerce:2.80
-
cpe:2.3:a:nopcommerce:nopcommerce:3.00
-
cpe:2.3:a:nopcommerce:nopcommerce:3.10
-
cpe:2.3:a:nopcommerce:nopcommerce:3.20
-
cpe:2.3:a:nopcommerce:nopcommerce:3.30
-
cpe:2.3:a:nopcommerce:nopcommerce:3.40
-
cpe:2.3:a:nopcommerce:nopcommerce:3.50
-
cpe:2.3:a:nopcommerce:nopcommerce:3.60
-
cpe:2.3:a:nopcommerce:nopcommerce:3.70
-
cpe:2.3:a:nopcommerce:nopcommerce:3.80
-
cpe:2.3:a:nopcommerce:nopcommerce:3.90
-
cpe:2.3:a:nopcommerce:nopcommerce:4.00
-
cpe:2.3:a:nopcommerce:nopcommerce:4.10
-
cpe:2.3:a:nopcommerce:nopcommerce:4.20
-
cpe:2.3:a:nopcommerce:nopcommerce:4.30
-
cpe:2.3:a:nopcommerce:nopcommerce:4.40
-
cpe:2.3:a:nopcommerce:nopcommerce:4.40.1
-
cpe:2.3:a:nopcommerce:nopcommerce:4.40.2
-
cpe:2.3:a:nopcommerce:nopcommerce:4.40.3
-
cpe:2.3:a:nopcommerce:nopcommerce:4.40.4
-
cpe:2.3:a:nopcommerce:nopcommerce:4.50.0
-
cpe:2.3:a:nopcommerce:nopcommerce:4.50.1
-
cpe:2.3:a:nopcommerce:nopcommerce:4.50.2