CVE-2024-53476

Name of the Vulnerable Software and Affected Versions SimplCommerce version 230310c8d7a0408569b292c5a805c459d47a1d8f

Description A race condition issue in the checkout logic allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as the system fails to accurately track inventory under high concurrency, resulting in potential loss and unfulfilled orders.

Recommendations For version 230310c8d7a0408569b292c5a805c459d47a1d8f, as a temporary workaround, consider implementing concurrency control measures in the checkout logic to prevent simultaneous purchase requests for the same product. Restrict access to the checkout endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.