What is the CVSS score of CVE-2024-58248?

CVE-2024-58248 has a CVSS 3.1 base score of 3.5 (Low). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N. EPSS exploitation probability: 0.1%.

Which versions of Nopcommerce are affected by CVE-2024-58248?

CVE-2024-58248 is a low-severity vulnerability (CVSS 3.5). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation.. A patch is available.

Is there a public PoC exploit available for CVE-2024-58248?

Yes, a public proof-of-concept exploit is available for CVE-2024-58248. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2024-58248?

During next maintenance window: Apply vendor patches when convenient. Vendor patch is available.

Nopcommerce CVE-2024-58248

LOW

Race Condition (CWE-362)

2025-04-16 cve@mitre.org

Information Disclosure Race Condition Nopcommerce

3.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

3.5 LOW

AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:37 vuln.today

Patch released

Mar 28, 2026 - 18:37 nvd

Patch available

PoC Detected

Dec 19, 2025 - 17:14 vuln.today

Public exploit code

CVE Published

Apr 16, 2025 - 14:15 nvd

LOW 3.5

DescriptionCVE.org

nopCommerce through 4.90.1 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards.

AnalysisAI

nopCommerce through 4.90.1 does not offer locking for order placement. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-362. nopCommerce through 4.90.1 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards. Affected products include: Nopcommerce. Version information: through 4.90.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-58248 vulnerability details – vuln.today

Back

Nopcommerce CVE-2024-58248

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code