CVE-2024-37294

medium

Description

Aimeos is an open source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos versions from 2022, 2023, or 2024 are affected by a potential denial of service attack. Users should upgrade to version 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to receive a patch.

References

https://github.com/aimeos/aimeos-core/security/advisories/GHSA-xjm6-jfmg-qc6p

Details

Source: Mitre, NVD

Published: 2024-06-11

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:M/C:N/I:P/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Severity: Medium

EPSS

EPSS: 0.00206