RubyGems package
solidus_auth_devise
pkg:gem/solidus_auth_devise
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-41274 | Cri | 9.3 | >= 1.0.0, < 2.5.4 | 2.5.4 | Nov 17, 2021 | solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend compone |
- affected >= 1.0.0, < 2.5.4fixed 2.5.4
solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend compone