Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ydzNqLTU3NGgtbXJjcc4AA_zA
IDOR vulnerability in account profile page
Impact
Insecure direct object reference allowing an attacker to disable subscriptions and reviews of another customer.
Permalink: https://github.com/advisories/GHSA-rw3j-574h-mrcq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ydzNqLTU3NGgtbXJjcc4AA_zA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 3 months ago
Updated: 3 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Percentage: 0.00044
EPSS Percentile: 0.14503
Identifiers: GHSA-rw3j-574h-mrcq, CVE-2024-39319
References:
- https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-rw3j-574h-mrcq
- https://nvd.nist.gov/vuln/detail/CVE-2024-39319
- https://github.com/aimeos/ai-controller-frontend/commit/2ad5c062a629af374da470a319914c321c9bfee2
- https://github.com/aimeos/ai-controller-frontend/commit/53eebdc51fae34440dfd768a7811c169c7779aa9
- https://github.com/aimeos/ai-controller-frontend/commit/5833db6d18a889b94dc036dfb84b6f5cca73fbac
- https://github.com/aimeos/ai-controller-frontend/commit/6ea6b82f5a1fc18c574cb6f97225930d139b14a5
- https://github.com/aimeos/ai-controller-frontend/commit/700da5ea2b622724b68c8684346bf74ac3bbca9b
- https://github.com/aimeos/ai-controller-frontend/commit/7c93139f86eff9ec26b117a8918e06ce6cc0000f
- https://github.com/aimeos/ai-controller-frontend/commit/ae7baa3f2fbf594c2c1e4b1aae83364a84b241a6
- https://github.com/aimeos/ai-controller-frontend/commit/cd8c95aa4663f54bd66a69c5952f2e42405426f3
- https://github.com/aimeos/ai-controller-frontend/commit/d4eac06f3a25330c089d8be4397f2ab1936dd9bb
- https://github.com/aimeos/ai-controller-frontend/commit/f7c6a9ce2a6f5a9ad4af31313508870a78398f85
- https://github.com/advisories/GHSA-rw3j-574h-mrcq
Blast Radius: 9.6
Affected Packages
packagist:aimeos/ai-controller-frontend
Dependent packages: 10
Dependent repositories: 64
Downloads: 298,296 total
Affected Version Ranges: < 2020.10.15; >= 2021.04.1, < 2021.10.8; >= 2022.04.1, < 2022.10.8; >= 2023.04.1, < 2023.10.9; = 2024.04.1
Fixed in: 2020.10.15, 2021.10.8, 2022.10.8, 2023.10.9, 2024.04.2
All affected versions: 2016.7.1, 2016.7.2, 2016.7.3, 2016.10.1, 2016.10.2, 2016.10.3, 2016.10.4, 2016.10.5, 2016.10.6, 2017.1.1, 2017.1.2, 2017.4.1, 2017.4.2, 2017.4.3, 2017.4.4, 2017.4.5, 2017.4.6, 2017.4.7, 2017.7.1, 2017.7.2, 2017.7.3, 2017.10.1, 2017.10.2, 2017.10.3, 2017.10.4, 2017.10.5, 2018.1.1, 2018.1.2, 2018.4.1, 2018.4.2, 2018.4.3, 2018.7.1, 2018.7.2, 2018.7.3, 2018.7.4, 2018.7.5, 2018.7.6, 2018.10.1, 2018.10.2, 2018.10.3, 2018.10.4, 2018.10.5, 2018.10.6, 2018.10.7, 2018.10.8, 2018.10.9, 2019.1.1, 2019.1.2, 2019.4.1, 2019.4.2, 2019.4.3, 2019.4.4, 2019.4.5, 2019.7.1, 2019.7.2, 2019.7.3, 2019.7.4, 2019.7.5, 2019.10.1, 2019.10.2, 2019.10.3, 2019.10.4, 2019.10.5, 2019.10.6, 2019.10.7, 2019.10.8, 2019.10.9, 2019.10.10, 2019.10.11, 2019.10.12, 2019.10.13, 2019.10.14, 2019.10.15, 2019.10.16, 2020.1.1, 2020.1.2, 2020.4.1, 2020.7.1, 2020.7.2, 2020.10.1, 2020.10.2, 2020.10.3, 2020.10.4, 2020.10.5, 2020.10.6, 2020.10.7, 2020.10.8, 2020.10.9, 2020.10.10, 2020.10.11, 2020.10.12, 2020.10.13, 2020.10.14, 2021.4.1, 2021.4.2, 2021.4.3, 2021.4.4, 2021.4.5, 2021.7.1, 2021.7.2, 2021.10.1, 2021.10.2, 2021.10.3, 2021.10.4, 2021.10.5, 2021.10.6, 2021.10.7, 2022.4.1, 2022.4.2, 2022.4.3, 2022.4.4, 2022.4.5, 2022.7.1, 2022.7.2, 2022.7.3, 2022.10.1, 2022.10.2, 2022.10.3, 2022.10.4, 2022.10.5, 2022.10.6, 2022.10.7, 2023.4.1, 2023.4.2, 2023.7.1, 2023.10.1, 2023.10.2, 2023.10.3, 2023.10.4, 2023.10.5, 2023.10.6, 2023.10.7, 2023.10.8, 2024.4.1
All unaffected versions: 2020.10.15, 2021.10.8, 2022.10.8, 2023.10.9, 2023.10.10, 2023.10.11, 2024.4.2, 2024.7.1, 2024.7.2, 2024.7.3, 2024.10.1, 2024.10.2