aimeos/ai-admin-graphql

aimeos/ai-admin-graphql

Releases42

Frequency1 month 1 day

Last Release about 2 months ago

Stars997

Aimeos GraphQL API admin interface

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-47173 ↗	Oct 24, 2024Thursday, 24 October 2024, 19:15	5.5 MEDIUM	—
Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack. Version 2024.07.2 fixes the issue.
CVE-2024-39324 ↗	Jul 2, 2024Tuesday, 2 July 2024, 21:15	3.8 LOW	—
aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a editors to manage own services via GraphQL API which isn't allowed in the JQAdm front end. Versions 2022.10.10, 2023.10.6, and 2024.4.2 contain a patch for the issue.
CVE-2024-39323 ↗	Jul 2, 2024Tuesday, 2 July 2024, 16:15	7.1 HIGH	—
aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10, 2023.10.6, and 2024.04.6 fix this issue.