CVE-2021-41274

solidusauthdevise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidusauthdevise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevi...

Solidus 跨站请求伪造漏洞

Solidus is an open source e-commerce system. A cross-site request forgery vulnerability exists in Solidus Solidusauthdevise, which stems from a lack of CSRF authentication in the product. An attacker could send an unintended request to the server through this vulnerability...