Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage limits by sending concurrent checkout requests, resulting in unlimited redemptions of limited-use promotional codes and potential financial loss.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Medusa 安全漏洞
Vulnerability Description
Medusa是pyMedusa开源的一个电视节目的自动视频库管理器。 Medusa 2.12.2及之前版本存在安全漏洞,该漏洞源于促销模块的registerUsage函数存在竞争条件,可能导致未经身份验证的远程攻击者绕过使用限制。
CVSS Information
N/A
Vulnerability Type
N/A