3 matches found
CVE-2021-41274
solidusauthdevise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidusauthdevise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevi...
CVE-2021-41274 Authentication Bypass by CSRF Weakness
solidusauthdevise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidusauthdevise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevi...
CVE-2021-41274
The CVE-2021-41274 entry concerns solidus_auth_devise, which provides authentication for Solidus via the Devise gem. A CSRF weakness allows account takeover when protect_from_forgery is executed before the :load_object hook in Spree::UserController, for configurations using :null_session or :rese...