CVE-2024-47173Privilege Context Switching Error in Ai-admin-graphql

CWE-270Privilege Context Switching Error3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 77.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Aimeos Ai-admin-graphql
Timeline
PublishedOct 24

Description

Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack. Version 2024.07.2 fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:HExploitability: 1.2 | Impact: 4.2

Affected Packages2 packages

Packagistaimeos/ai-admin-graphql2024.04.12024.07.2
CVEListV5aimeos/ai-admin-graphql>= 2024.04.1, < 2024.07.2

🔴Vulnerability Details

2
OSV
ai-admin-graphql has a Denial of service vulnerability in SaaS and marketplace setups2024-10-24
GHSA
ai-admin-graphql has a Denial of service vulnerability in SaaS and marketplace setups2024-10-24