github - ghsa-j3h5-q35j-p5vv

ghsa-j3h5-q35j-p5vv

Vulnerability from github

Published

2024-12-04 15:31

Modified

2024-12-04 15:31

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

Improper Input Validation vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks.This issue affects Online Ordering System: through 04.12.2024.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-7488"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-04T14:15:21Z",
    "severity": "MODERATE"
  },
  "details": "Improper Input Validation vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks.This issue affects Online Ordering System: through 04.12.2024.\n\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-j3h5-q35j-p5vv",
  "modified": "2024-12-04T15:31:52Z",
  "published": "2024-12-04T15:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7488"
    },
    {
      "type": "WEB",
      "url": "https://www.usom.gov.tr/bildirim/tr-24-1877"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2024-7488 (GCVE-0-2024-7488)

Vulnerability from cvelistv5

Published

2024-12-04 14:03

Modified

2025-10-21 14:09

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-190 - Integer Overflow or Wraparound
CWE-1284 - Improper Validation of Specified Quantity in Input

Summary

Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks. This issue affects Online Ordering System: 8.2.1. NOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1.

References

URL

Tags

https://www.usom.gov.tr/bildirim/tr-24-1877

Impacted products

	Vendor	Product	Version
	RestApp Inc.	Online Ordering System	Version: 8.2.1 < Patch: 0

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:restapp:online_ordering_system:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "online_ordering_system",
            "vendor": "restapp",
            "versions": [
              {
                "lessThanOrEqual": "04.12.2024",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7488",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T14:31:14.564794Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T14:09:32.523Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Online Ordering System",
          "vendor": "RestApp Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "8.2.1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.2.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Yagiz BILGILI"
        },
        {
          "lang": "en",
          "type": "sponsor",
          "value": "Privia Security Inc."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks.\u003cp\u003e\n\u003c/p\u003e\u003cp\u003eThis issue affects Online Ordering System: 8.2.1. \u003c/p\u003e\u003cp\u003eNOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks.\n\n\nThis issue affects Online Ordering System: 8.2.1. \n\nNOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-128",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-128 Integer Attacks"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T13:03:48.586Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "url": "https://www.usom.gov.tr/bildirim/tr-24-1877"
        }
      ],
      "source": {
        "advisory": "TR-24-1877",
        "defect": [
          "TR-24-1877"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Business Logic Error in RestApp Inc.\u0027s Online Ordering System",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2024-7488",
    "datePublished": "2024-12-04T14:03:49.141Z",
    "dateReserved": "2024-08-05T13:32:43.125Z",
    "dateUpdated": "2025-10-21T14:09:32.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.