Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bypassing promo code limitations with race conditions
Vulnerability Description
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply price discounts by using promo codes to your events. The organizer can limit the number of promo codes that will be used for this, but the time-gap between checking the number of codes and restricting the use of the codes allows a threat actor to bypass the promo code limit. Version 2.0-M5 fixes this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Vulnerability Title
alf.io 安全漏洞
Vulnerability Description
Alf.io是Alf.io开源的一款免费开源活动出席管理系统。 alf.io 2.0-M5之前版本存在安全漏洞,该漏洞源于一个竞态条件,可能允许用户绕过促销代码的数量限制,多次使用折扣券。
CVSS Information
N/A
Vulnerability Type
N/A