CVE-2024-50654

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-50654

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50654.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-50654

Published

2024-11-15T17:15:20Z

Modified

2024-12-26T00:53:26.640868Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing and sending the data packets for coupon collection in high concurrency.

References

Affected packages

Git / github.com/lilishop/lilishop

Affected ranges

Type: GIT
Repo: https://github.com/lilishop/lilishop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

9616c27efa143b736c741ea9e19a707f8132dc32

Affected versions

v1.*

v1.0

v4.*

v4.1

v4.2

v4.2.0

v4.2.1

v4.2.2

v4.2.3

v4.2.4