GHSA-v4g2-cm5v-cxv7: Digital products download without proper payment status check

June 5, 2024

Digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn’t succeed.

References

github.com/advisories/GHSA-v4g2-cm5v-cxv7
github.com/aimeos/ai-client-html
github.com/aimeos/ai-client-html/security/advisories/GHSA-v4g2-cm5v-cxv7

Detect and mitigate GHSA-v4g2-cm5v-cxv7 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →