CVE-2024-58248
LOWDescription
nopCommerce through 4.90.1 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| nopcommerce | nopcommerce |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2024-58248? +
How severe is CVE-2024-58248? +
What products are affected by CVE-2024-58248? +
How do I check if I'm vulnerable to CVE-2024-58248? +
Related Vulnerabilities
OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers …
An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an …
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue …
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a …
go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if …
node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar …