CVE-2024-53476
MEDIUM
5,9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
Description
AI Translation Available
A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as the system fails to accurately track inventory under high concurrency, resulting in potential loss and unfulfilled orders.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0039
Percentile
0,6th
Updated
EPSS Score Trend (Last 90 Days)
362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
DraftCommon Consequences
Security Scopes Affected:
Availability
Confidentiality
Integrity
Access Control
Potential Impacts:
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Dos: Resource Consumption (Other)
Dos: Crash, Exit, Or Restart
Dos: Instability
Read Files Or Directories
Read Application Data
Execute Unauthorized Code Or Commands
Gain Privileges Or Assume Identity
Bypass Protection Mechanism
Applicable Platforms
Languages:
C, C++, Java
Technologies:
Mobile, ICS/OT
https://github.com/AbdullahAlmutawa/CVE-2024-53476
https://github.com/simplcommerce/SimplCommerce
https://github.com/simplcommerce/SimplCommerce/issues/1111