CVE-2024-53476

Published: Dec 27, 2024

Modified: Dec 28, 2024

PUBLISHED

Description

A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as the system fails to accurately track inventory under high concurrency, resulting in potential loss and unfulfilled orders.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/simplcommerce/SimplCommerce

https://github.com/AbdullahAlmutawa/CVE-2024-53476

https://github.com/simplcommerce/SimplCommerce/issues/1111

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-53476

Description

Affected Products

References