CVE-2024-53476

MEDIUM 5.9

CVSS Score

5.9

EPSS Score

0.0%

EPSS Percentile

0th

A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as the system fails to accurately track inventory under high concurrency, resulting in potential loss and unfulfilled orders.

Vendor	n/a
Product	n/a
Published	Dec 27, 2024
Last Updated	Dec 28, 2024

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new medium vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/simplcommerce/SimplCommerce github.com: https://github.com/AbdullahAlmutawa/CVE-2024-53476 github.com: https://github.com/simplcommerce/SimplCommerce/issues/1111