{"id":"CVE-2024-39319","summary":"aimeos/ai-controller-frontend has IDOR vulnerability in account profile page","details":"aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.","aliases":["GHSA-rw3j-574h-mrcq"],"modified":"2026-04-10T05:14:16.620279Z","published":"2024-09-26T16:07:01.482Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39319.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-639"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39319.json"},{"type":"ADVISORY","url":"https://github.com/aimeos/ai-controller-frontend/security/advisories/GHSA-rw3j-574h-mrcq"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39319"},{"type":"FIX","url":"https://github.com/aimeos/ai-controller-frontend/commit/2ad5c062a629af374da470a319914c321c9bfee2"},{"type":"FIX","url":"https://github.com/aimeos/ai-controller-frontend/commit/53eebdc51fae34440dfd768a7811c169c7779aa9"},{"type":"FIX","url":"https://github.com/aimeos/ai-controller-frontend/commit/5833db6d18a889b94dc036dfb84b6f5cca73fbac"},{"type":"FIX","url":"https://github.com/aimeos/ai-controller-frontend/commit/6ea6b82f5a1fc18c574cb6f97225930d139b14a5"},{"type":"FIX","url":"https://github.com/aimeos/ai-controller-frontend/commit/700da5ea2b622724b68c8684346bf74ac3bbca9b"},{"type":"FIX","url":"https://github.com/aimeos/ai-controller-frontend/commit/7c93139f86eff9ec26b117a8918e06ce6cc0000f"},{"type":"FIX","url":"https://github.com/aimeos/ai-controller-frontend/commit/ae7baa3f2fbf594c2c1e4b1aae83364a84b241a6"},{"type":"FIX","url":"https://github.com/aimeos/ai-controller-frontend/commit/cd8c95aa4663f54bd66a69c5952f2e42405426f3"},{"type":"FIX","url":"https://github.com/aimeos/ai-controller-frontend/commit/d4eac06f3a25330c089d8be4397f2ab1936dd9bb"},{"type":"FIX","url":"https://github.com/aimeos/ai-controller-frontend/commit/f7c6a9ce2a6f5a9ad4af31313508870a78398f85"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/aimeos/ai-controller-frontend","events":[{"introduced":"0"},{"last_affected":"79e96ea38326ff4833487be12e40776538e795b8"},{"fixed":"e663f813f311c5af60d67510714c27795a1d043d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"= 2024.04.1"},{"fixed":"2020.10.15"}]}},{"type":"GIT","repo":"https://github.com/aimeos/ai-controller-frontend","events":[{"introduced":"a60325f9e8edfe94ebdbf26788978ed0e9fd3f7d"},{"fixed":"6ea6b82f5a1fc18c574cb6f97225930d139b14a5"}],"database_specific":{"versions":[{"introduced":"2023.04.1"},{"fixed":"2023.10.9"}]}},{"type":"GIT","repo":"https://github.com/aimeos/ai-controller-frontend","events":[{"introduced":"db28e50401191e40b21237dc4a10efcd69133775"},{"fixed":"f7c6a9ce2a6f5a9ad4af31313508870a78398f85"}],"database_specific":{"versions":[{"introduced":"2022.04.1"},{"fixed":"2022.10.8"}]}},{"type":"GIT","repo":"https://github.com/aimeos/ai-controller-frontend","events":[{"introduced":"9914e3d56e6d202ecdcaf08f8c699c479238f199"},{"fixed":"8183c0cd2b7e45cbefc8ca22b61643d29de92f6f"}],"database_specific":{"versions":[{"introduced":"2021.04.1"},{"fixed":"2021.10.8"}]}}],"versions":["2016.07.1","2017.01.1","2017.07.1","2018.01.1","2019.04.1","2020.10.1","2020.10.10","2020.10.11","2020.10.13","2020.10.14","2020.10.2","2020.10.3","2020.10.4","2020.10.5","2020.10.6","2020.10.7","2020.10.8","2020.10.9","2024.04.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39319.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}