CVE-2024-37296: Digital products download without proper payment status check
Digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn’t succeed.
References
- github.com/advisories/GHSA-v4g2-cm5v-cxv7
- github.com/aimeos/ai-client-html
- github.com/aimeos/ai-client-html/commit/12d8aad1a373bf9d350872501adec3e222164f83
- github.com/aimeos/ai-client-html/commit/5a7249769142b3ce70959ab1fb70c7e7c251e214
- github.com/aimeos/ai-client-html/commit/6460ffe8f4929d864164aa96c5b49eca5326d975
- github.com/aimeos/ai-client-html/commit/7f01d2f4fbc67f5231fd84adeb835d28252b8409
- github.com/aimeos/ai-client-html/commit/fc611ff9a57e421d0ad9d99346b561cea515c5f0
- github.com/aimeos/ai-client-html/security/advisories/GHSA-v4g2-cm5v-cxv7
- nvd.nist.gov/vuln/detail/CVE-2024-37296