VYPR

RubyGems package

solidus_auth_devise

pkg:gem/solidus_auth_devise

Vulnerabilities (1)

  • CVE-2021-41274CriNov 17, 2021
    affected >= 1.0.0, < 2.5.4fixed 2.5.4

    solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend compone