VYPR
High severity · NVD Advisory · Published Oct 20, 2020 · Updated Aug 4, 2024

Expired token reuse in Spree

CVE-2020-15269

Description

In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| spree | RubyGems | < 3.7.11 | 3.7.11 |
| spree | RubyGems | >= 4.0.0, < 4.0.4 | 4.0.4 |
| spree | RubyGems | >= 4.1.0, < 4.1.11 | 4.1.11 |
