Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/aimeos/aimeos-core@2024.04.4

Type composer

Namespace aimeos

Name aimeos-core

Version 2024.04.4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2024.04.7

Latest_non_vulnerable_version 2024.04.7

Affected_by_vulnerabilities

url VCID-852w-ez7d-dqbs

vulnerability_id VCID-852w-ez7d-dqbs

summary An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP file.

references

reference_url

https://github.com/aimeos/aimeos-core

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/aimeos/aimeos-core

reference_url

https://github.com/github/advisory-database/pull/4544

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/github/advisory-database/pull/4544

reference_url

https://github.com/aimeos/aimeos-core/commit/13e163126adff48f987b3b6faca28551effe0205

reference_id

13e163126adff48f987b3b6faca28551effe0205

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-22T17:34:28Z/

url

https://github.com/aimeos/aimeos-core/commit/13e163126adff48f987b3b6faca28551effe0205

reference_url

https://github.com/aimeos/aimeos-core/commit/5eea7aa933ac7402044bc6d282f96fba44475ee2

reference_id

5eea7aa933ac7402044bc6d282f96fba44475ee2

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-22T17:34:28Z/

url

https://github.com/aimeos/aimeos-core/commit/5eea7aa933ac7402044bc6d282f96fba44475ee2

reference_url

https://github.com/ssshah2131/CVE/blob/main/Aimeos_RCE

reference_id

Aimeos_RCE

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-22T17:34:28Z/

url

https://github.com/ssshah2131/CVE/blob/main/Aimeos_RCE

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-36811

reference_id

CVE-2024-36811

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-36811

reference_url

https://github.com/advisories/GHSA-cr7j-rwmv-vgch

reference_id

GHSA-cr7j-rwmv-vgch

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cr7j-rwmv-vgch

reference_url

https://drive.google.com/file/d/1n5_t-zmKHbx3H47xdhR5kuHTDc0Gxur3/view?usp=sharing

reference_id

view?usp=sharing

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-22T17:34:28Z/

url

https://drive.google.com/file/d/1n5_t-zmKHbx3H47xdhR5kuHTDc0Gxur3/view?usp=sharing

reference_url

https://drive.google.com/file/d/1QJWwaDB6smLCuNp10yZKWgpELTQJax31/view?usp=sharing

reference_id

view?usp=sharing

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-22T17:34:28Z/

url

https://drive.google.com/file/d/1QJWwaDB6smLCuNp10yZKWgpELTQJax31/view?usp=sharing

fixed_packages

url	pkg:composer/aimeos/aimeos-core@2024.4.5
purl	pkg:composer/aimeos/aimeos-core@2024.4.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/aimeos/aimeos-core@2024.4.5

url pkg:composer/aimeos/aimeos-core@2024.04.5

purl pkg:composer/aimeos/aimeos-core@2024.04.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kf19-ff1v-v7h8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/aimeos/aimeos-core@2024.04.5

aliases CVE-2024-36811, GHSA-cr7j-rwmv-vgch

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-852w-ez7d-dqbs

url VCID-kf19-ff1v-v7h8

vulnerability_id VCID-kf19-ff1v-v7h8

summary Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users should upgrade to versions 2022.10.17, 2023.10.17, or 2024.04 of the aimeos/aimeos-core package to receive a patch.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-37294

reference_id

reference_type

scores

value	0.00085
scoring_system	epss
scoring_elements	0.24617
published_at	2026-06-11T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24812
published_at	2026-06-14T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24828
published_at	2026-06-13T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24815
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-37294

reference_url

https://github.com/aimeos/aimeos-core

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/aimeos/aimeos-core

reference_url

https://github.com/aimeos/aimeos-core/commit/66edb06a53e51d90e075aad1932811c53c40af6f

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/aimeos/aimeos-core/commit/66edb06a53e51d90e075aad1932811c53c40af6f

reference_url

https://github.com/aimeos/aimeos-core/commit/69e2ea127c4e2fd2e756a80a16442bea0351a461

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/aimeos/aimeos-core/commit/69e2ea127c4e2fd2e756a80a16442bea0351a461

reference_url

https://github.com/aimeos/aimeos-core/commit/e933345915fc0cfafc6a011b853bc0228a61a45f

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/aimeos/aimeos-core/commit/e933345915fc0cfafc6a011b853bc0228a61a45f

reference_url

https://github.com/aimeos/aimeos-core/compare/2022.10.16...2022.10.17

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/aimeos/aimeos-core/compare/2022.10.16...2022.10.17

reference_url

https://github.com/aimeos/aimeos-core/compare/2023.10.16...2023.10.17

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/aimeos/aimeos-core/compare/2023.10.16...2023.10.17

reference_url

https://github.com/aimeos/aimeos-core/compare/2024.04.6...2024.04.7

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/aimeos/aimeos-core/compare/2024.04.6...2024.04.7

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-37294

reference_id

CVE-2024-37294

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-37294

reference_url

https://github.com/advisories/GHSA-xjm6-jfmg-qc6p

reference_id

GHSA-xjm6-jfmg-qc6p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xjm6-jfmg-qc6p

reference_url

https://github.com/aimeos/aimeos-core/security/advisories/GHSA-xjm6-jfmg-qc6p

reference_id

GHSA-xjm6-jfmg-qc6p

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-11T17:07:16Z/

url

https://github.com/aimeos/aimeos-core/security/advisories/GHSA-xjm6-jfmg-qc6p

fixed_packages

url	pkg:composer/aimeos/aimeos-core@2024.4.7
purl	pkg:composer/aimeos/aimeos-core@2024.4.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/aimeos/aimeos-core@2024.4.7

url	pkg:composer/aimeos/aimeos-core@2024.04.7
purl	pkg:composer/aimeos/aimeos-core@2024.04.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/aimeos/aimeos-core@2024.04.7

aliases CVE-2024-37294, GHSA-xjm6-jfmg-qc6p

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kf19-ff1v-v7h8

url VCID-mbta-c85n-wbbg

vulnerability_id VCID-mbta-c85n-wbbg

summary Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version 2024.04.5 fixes the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-37295

reference_id

reference_type

scores

value	0.00132
scoring_system	epss
scoring_elements	0.32264
published_at	2026-06-11T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32444
published_at	2026-06-14T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32466
published_at	2026-06-13T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32447
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-37295

reference_url

https://github.com/aimeos/aimeos-core

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/aimeos/aimeos-core

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-37295

reference_id

CVE-2024-37295

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-37295

reference_url

https://github.com/advisories/GHSA-rhc2-23c2-ww7c

reference_id

GHSA-rhc2-23c2-ww7c

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rhc2-23c2-ww7c

reference_url

https://github.com/aimeos/aimeos-core/security/advisories/GHSA-rhc2-23c2-ww7c

reference_id

GHSA-rhc2-23c2-ww7c

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-11T17:22:47Z/

url

https://github.com/aimeos/aimeos-core/security/advisories/GHSA-rhc2-23c2-ww7c

fixed_packages

url	pkg:composer/aimeos/aimeos-core@2024.4.5
purl	pkg:composer/aimeos/aimeos-core@2024.4.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/aimeos/aimeos-core@2024.4.5

url pkg:composer/aimeos/aimeos-core@2024.04.5

purl pkg:composer/aimeos/aimeos-core@2024.04.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kf19-ff1v-v7h8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/aimeos/aimeos-core@2024.04.5

aliases CVE-2024-37295, GHSA-rhc2-23c2-ww7c

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbta-c85n-wbbg

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/aimeos/aimeos-core@2024.04.4

Package Instance