GHSA-3GHG-3787-W2XR Spree API has Unauthenticated IDOR - Guest Address
Summary An Unauthenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an unauthenticated attacker to access guest address information without supplying valid credentials or session cookies. Details During testing, it was observed that all guest users can make a...