CVE-2008-7311
CVE-2008-7311 concerns the Spree 0.2.0 session cookie store, which uses a hardcoded config.action_controller_session hash (secret key). This weak key material can allow remote attackers to bypass cryptographic protections by exploiting an application that contains this value in config/environment...