Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GrandNode Voucher ConfirmOrder race condition
Vulnerability Description
A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is regarded as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Vulnerability Title
GrandNode 竞争条件问题漏洞
Vulnerability Description
GrandNode是GrandNode开源的一套基于ASP.NET CORE和MongoDB的、跨平台的开源电子商务解决方案。 GrandNode 2.3.0及之前版本存在竞争条件问题漏洞,该漏洞源于组件Voucher Handler中文件/checkout/ConfirmOrder/对参数giftvouchercouponcode的错误操作导致竞争条件。
CVSS Information
N/A
Vulnerability Type
N/A