CVE-2024-38516

ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
GitHub_MCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Common Weakness Enumeration
References
https://github.com/aimeos/ai-client-html/commit/bb389620ffc3cf4a2f29c11a1e5f512049e0c132
https://github.com/aimeos/ai-client-html/security/advisories/GHSA-ppm5-jv84-2xg2
https://github.com/aimeos/ai-client-html/commit/bb389620ffc3cf4a2f29c11a1e5f512049e0c132
https://github.com/aimeos/ai-client-html/security/advisories/GHSA-ppm5-jv84-2xg2