CNNVD-202509-1482 Information

CNNVD ID

CNNVD-202509-1482

Related CVE

CVE-2025-10216

• CNNVD Published: 2025-09-10

Description (Chinese)

GrandNode是GrandNode开源的一套基于ASP.NET CORE和MongoDB的、跨平台的开源电子商务解决方案。 GrandNode 2.3.0及之前版本存在竞争条件问题漏洞，该漏洞源于组件Voucher Handler中文件/checkout/ConfirmOrder/对参数giftvouchercouponcode的错误操作导致竞争条件。

Description (English)

GrandNode is a set of open-source e-commerce solutions for GrandNode based on ASP.NET CORE and MongoDB. Grand Node 2.3.0 and previous versions had a gap in competition conditions, which arose from document /checkout/ConfirmOrder/correction of the parameter giftvouchercouponcode in component Voucher Handler.

Hazard Level

Critical

Vulnerability Type

竞争条件问题

Affected Vendor

GrandNode

Published

2025-09-10

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.323485 https://vuldb.com/?id.323485 https://vuldb.com/?submit.640784