RubyGems package
spree_auth_devise
pkg:gem/spree_auth_devise
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-41275 | — | | | >= 4.3.0, < 4.4.1 | 4.4.1 | Nov 17, 2021 | spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spree_auth_devise is subject to a CSRF vulnerability that |
| CVE-2013-2506 | — | | | >= 1.0.0, < 3.0.5 | 3.0.5 | Mar 8, 2013 | app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves. |