VYPR

RubyGems package

solidus_api

pkg:gem/solidus_api

Vulnerabilities (1)

  • CVE-2020-15109Aug 4, 2020
    affected < 2.8.6fixed 2.8.6

    In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order withou