VYPR
Low severity · NVD Advisory · Published Jun 1, 2022 · Updated Apr 22, 2025

CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend

CVE-2022-31000

Description

solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. An attacker who knows an order's number can craft a request that finalizes or unfinalizes that order's adjustments; the request takes effect when it is executed in the browser of a logged-in store administrator, for example by luring the administrator to an attacker-controlled page that issues it. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch.
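The following is an added example, not code from Solidus, Rails, or this advisory. It models a Rails-style forgery check in a few dozen lines to show the mechanism behind a CSRF of this kind: a state-changing admin action that can be reached without the session's authenticity token (modelled here as a GET route) executes whenever an administrator's browser is made to load the attacker's URL, while the same action behind a non-GET verb plus the token rejects the forged request. The route layout, the action name "finalize", the order number, the session shape and the token scheme are assumptions for illustration; the advisory does not say which routing change the patched releases made.

```ruby
require "securerandom"

# One incoming request as the app sees it after the browser has attached the
# admin's session cookie. `verb` is the method after any Rack-style _method
# override, so a cross-site <form> POST with _method=put arrives as PUT.
Request = Struct.new(:verb, :path, :params, :session, keyword_init: true)

class Order
  attr_reader :number, :adjustments_finalized

  def initialize(number)
    @number = number
    @adjustments_finalized = false
  end

  def finalize_adjustments!
    @adjustments_finalized = true
  end
end

# Constant-time string comparison so the token check does not leak by timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Models Rails' protect_from_forgery: GET and HEAD are never checked (they are
# assumed to be safe), every other verb must carry the session's token.
def forgery_protected?(req)
  return true if %w[GET HEAD].include?(req.verb)
  token = req.params["authenticity_token"].to_s
  !token.empty? && secure_equal?(token, req.session[:csrf_token].to_s)
end

# A toy admin app with one state-changing action. `finalize_verb` is the HTTP
# verb the action is routed on: "GET" models the forgeable shape, "PUT" the
# hardened one. The path layout is an assumption, not Solidus' real route.
class AdminApp
  FINALIZE_PATH = %r{\A/admin/orders/(\w+)/adjustments/finalize\z}

  def initialize(orders, finalize_verb:)
    @orders = orders
    @finalize_verb = finalize_verb
  end

  # Returns [status, body]: requires an admin session, then the forgery check,
  # then dispatches on verb and path.
  def call(req)
    return [401, "login required"] unless req.session[:admin_id]
    return [422, "invalid authenticity token"] unless forgery_protected?(req)
    match = req.path.match(FINALIZE_PATH)
    return [404, "no route"] unless match && req.verb == @finalize_verb
    order = @orders[match[1]]
    return [404, "no such order"] unless order
    order.finalize_adjustments!
    [302, "redirect to order"]
  end
end

# Runs three requests and returns what happened to the order each time. The
# attacker knows the order number (constructed here) but never sees the admin's
# session token; the admin's browser still sends the session cookie.
def csrf_demo
  number = "R123456789"
  session = { admin_id: 1, csrf_token: SecureRandom.hex(32) }
  forged_path = "/admin/orders/#{number}/adjustments/finalize"
  results = {}

  # Vulnerable shape: the action is a GET link, so the token check is skipped.
  orders = { number => Order.new(number) }
  status, = AdminApp.new(orders, finalize_verb: "GET")
                    .call(Request.new(verb: "GET", path: forged_path, params: {}, session: session))
  results[:get_route_forged] = [status, orders[number].adjustments_finalized]

  # Hardened shape: PUT route; the forged request arrives without a valid token.
  orders = { number => Order.new(number) }
  app = AdminApp.new(orders, finalize_verb: "PUT")
  status, = app.call(Request.new(verb: "PUT", path: forged_path, params: {}, session: session))
  results[:put_route_forged] = [status, orders[number].adjustments_finalized]

  # Legitimate admin click: the admin page's form carries the session's token.
  status, = app.call(Request.new(verb: "PUT", path: forged_path,
                                 params: { "authenticity_token" => session[:csrf_token] },
                                 session: session))
  results[:put_route_legit] = [status, orders[number].adjustments_finalized]
  results
end

puts csrf_demo if __FILE__ == $PROGRAM_NAME
```

The point of the three runs is the first one: with the action reachable over GET, the forged request is indistinguishable from the admin clicking the link, because the browser supplies the session cookie and Rails deliberately exempts GET from the token check. Moving the action to a non-GET verb is only sufficient if every view that triggers it submits the token as well.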


Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Ecosystem  Affected versions    Patched versions
solidus_backend  RubyGems   < 2.11.16            2.11.16
solidus_backend  RubyGems   >= 3.0.0, < 3.0.6    3.0.6
solidus_backend  RubyGems   >= 3.1.0, < 3.1.6    3.1.6
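As an added example (not tooling from the advisory or the Solidus project), the check below turns the affected ranges above into Gem::Requirement objects and reports the patched release an installed solidus_backend should move to. The Gemfile.lock fragment is constructed for the demo; the assumption that the open-ended "< 2.11.16" row covers every older release follows the table as written.

```ruby
require "rubygems"

# Affected ranges copied from the advisory table, each paired with the release
# that patches it. Order matters only for readability; the ranges are disjoint.
AFFECTED_RANGES = [
  { requirement: Gem::Requirement.new("< 2.11.16"),           patched: "2.11.16" },
  { requirement: Gem::Requirement.new(">= 3.0.0", "< 3.0.6"), patched: "3.0.6" },
  { requirement: Gem::Requirement.new(">= 3.1.0", "< 3.1.6"), patched: "3.1.6" },
].freeze

# Returns the patched version string the given version should be upgraded to,
# or nil when the version is outside every affected range (already patched,
# or a later minor not covered by this advisory).
def cve_2022_31000_fix_for(version_string)
  version = Gem::Version.new(version_string)
  entry = AFFECTED_RANGES.find { |r| r[:requirement].satisfied_by?(version) }
  entry && entry[:patched]
end

# Extracts the locked solidus_backend version from Gemfile.lock text. Bundler
# lists each resolved gem under "specs:" as four spaces, the name, then the
# version in parentheses. Returns nil if the gem is not in the lockfile.
def solidus_backend_version_from_lockfile(lockfile_text)
  match = lockfile_text.match(/^ {4}solidus_backend \(([^)]+)\)/)
  match && match[1]
end

# Constructed Gemfile.lock fragment for the demo; not taken from any real app.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      solidus_backend (3.1.5)
        solidus_api (= 3.1.5)
        solidus_core (= 3.1.5)
LOCK

if __FILE__ == $PROGRAM_NAME
  installed = solidus_backend_version_from_lockfile(SAMPLE_LOCKFILE)
  fix = cve_2022_31000_fix_for(installed)
  if fix
    puts "solidus_backend #{installed} is affected by CVE-2022-31000; upgrade to #{fix}"
  else
    puts "solidus_backend #{installed} is not in an affected range"
  end
end
```

To run this against a real application, read the project's Gemfile.lock into `solidus_backend_version_from_lockfile` instead of the constructed sample. Gem::Version handles prerelease suffixes, so a 2.11.16.pre build still reports as affected, which is the conservative answer.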
