Low
CVSS 3.5
Overview
nopCommerce before 4.80.0 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards.
CVE-2024-58248
nopCommerce before 4.80.0 does not offer locking for order placement. Thus there...
Risk analysis
This vulnerability is rated 🟢 LOW.
- CVSS: 3.5 (LOW)
- Detected tags: race (tag impact: LOW)
Recommended actions:
- Prioritize remediation based on business criticality and exposure.
- Limit exposure and increase monitoring until fixed.