VYPR

RubyGems package

solidus_frontend

pkg:gem/solidus_frontend

Vulnerabilities (2)

  • CVE-2021-43846, Dec 20, 2021
    affected < 2.11.14; fixed 2.11.14

    `solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user's cart without the

  • CVE-2020-15109, Aug 4, 2020
    affected < 2.8.6; fixed 2.8.6

    In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an ability to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order withou