CVE-2024-58248

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-58248
nopCommerce through 4.90.1 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards.

3.5 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/Fabian-For/Vulnerability-Research/blob/main/CVE-2024-58248/README.md
https://github.com/nopSolutions/nopCommerce/issues/7325
https://www.nopcommerce.com/en/release-notes
Configurations

No configuration.

History

No history.

Information

Published : 2025-04-16 14:15

Updated : 2025-10-29 14:15

NVD link : CVE-2024-58248

Mitre link : CVE-2024-58248

CVE.ORG link : CVE-2024-58248

JSON object : View

Products Affected

No product.

CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')