2 matches found
GHSA-F8CM-364F-Q9QH Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls
Impact The perpetrator who previously obtained an old expired user token could use it to access Storefront API v2 endpoints. Patches Please upgrade to 3.7.11, 4.0.4, or 4.1.11 depending on your used Spree version. Workarounds In your project directory create a decorator file...
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls
Impact The perpetrator who previously obtained an old expired user token could use it to access Storefront API v2 endpoints. Patches Please upgrade to 3.7.11, 4.0.4, or 4.1.11 depending on your used Spree version...