GHSA-v4g2-cm5v-cxv7: Digital products download without proper payment status check

Impact

Digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn’t succeed.

Patches

New versions of the Aimeos HTML client for the 2020-2024 release lines are available.

Moderate severity, GitHub Reviewed. Published Jun 4, 2024 in aimeos/ai-client-html. Updated Jun 5, 2024.

Package

aimeos/ai-client-html (Composer)

Affected versions

>= 2024.04.1, < 2024.04.4

>= 2023.04.1, < 2023.10.14

>= 2022.04.1, < 2022.10.12

>= 2021.04.1, < 2021.10.21

>= 2020.04.1, < 2020.10.27

Patched versions

2024.04.5

2023.10.14

2022.10.12

2021.10.21

2020.10.27

References

  • GHSA-v4g2-cm5v-cxv7

Published to the GitHub Advisory Database

Jun 5, 2024
