Lucene search
GoogleOSV:CVE-2020-26223HistoryNov 13, 2020 - 6:15 p.m.
CVE-2020-26223
2020-11-1318:15:12
Google
osv.dev
2
spree
e-commerce
ruby on rails
authorization bypass
cve-2020-26223
api endpoint
EPSS
0.002
Percentile
55.3%
Spree is a complete open source e-commerce solution built with Ruby on Rails. In Spree from version 3.7 and before versions 3.7.13, 4.0.5, and 4.1.12, there is an authorization bypass vulnerability. The perpetrator could query the API v2 Order Status endpoint with an empty string passed as an Order token. This is patched in versions 3.7.11, 4.0.4, or 4.1.11 depending on your used Spree version. Users of Spree < 3.7 are not affected.
Related
nvd
nvd
CVE-2020-26223
2020-11-13 18:15:12
veracode
veracode
Authorization Bypass
2020-11-16 03:02:19
prion
prion
Authorization
2020-11-13 18:15:00
cve
cve
CVE-2020-26223
2020-11-13 18:15:12
github
github
Authorization bypass in Spree
2020-11-13 17:18:22
rubygems
rubygems
Authorization bypass in Spree
2020-11-12 21:00:00
cvelist
cvelist
CVE-2020-26223 Authorization bypass in Spree
2020-11-13 17:25:20
osv
osv
Authorization bypass in Spree
2020-11-13 17:18:22