14 matches found
GHSA-GPQC-4PP7-5954 Duplicate Advisory: Authentication Bypass by CSRF Weakness
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-26xx-m4q2-xhq8. This link is maintained to preserve external references. Original Description Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend...
GHSA-6MQR-Q86Q-6GWR Duplicate Advisory: Authentication Bypass by CSRF Weakness
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-26xx-m4q2-xhq8. This link is maintained to preserve external references. Original Description Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend...
GHSA-5629-8855-GF4G Authentication Bypass by CSRF Weakness
Impact The actual vulnerability has been discovered on solidusauthdevise. See GHSA-xm34-v85h-9pg2 for details. The security advisory here exists to provide an extra layer of security in the form of a monkey patch for users who don't update solidusauthdevise. For this reason, it has been marked as...
Authentication Bypass by CSRF Weakness
Impact The actual vulnerability has been discovered on solidusauthdevise. See GHSA-xm34-v85h-9pg2 for details. The security advisory here exists to provide an extra layer of security in the form of a monkey patch for users who don't update solidusauthdevise. For this reason, it has been marked as...
Authentication Bypass by CSRF Weakness
Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevise are affected if protectfromforgery method is both: - Executed whether as: - A beforeaction callback the default - A prependbeforeaction option prepend: tr...
GHSA-XM34-V85H-9PG2 Authentication Bypass by CSRF Weakness
Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevise are affected if protectfromforgery method is both: - Executed whether as: - A beforeaction callback the default - A prependbeforeaction option prepend: tr...
Authentication Bypass
solidusauthdevise is vulnerable to authentication bypass. An attacker can takeover an account through CSRF if protectfromforgery method satisfy both: 1Executed whether as: A beforeaction callback the default 2A prependbeforeaction option prepend: true given before the :loadobject hook in...
Authentication Bypass by CSRF Weakness
Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevise are affected if protectfromforgery method is both: - Executed whether as: - A beforeaction callback the default - A prependbeforeaction option prepend: tr...
CVE-2021-41274
solidusauthdevise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidusauthdevise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevi...
CVE-2021-41274
solidusauthdevise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidusauthdevise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevi...
Cross site request forgery (csrf)
spreeauthdevise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spreeauthdevise is subject to a CSRF vulnerability that allows user account...
Cross site request forgery (csrf)
solidusauthdevise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidusauthdevise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevi...
CVE-2021-41274
The CVE-2021-41274 entry concerns solidus_auth_devise, which provides authentication for Solidus via the Devise gem. A CSRF weakness allows account takeover when protect_from_forgery is executed before the :load_object hook in Spree::UserController, for configurations using :null_session or :rese...
CVE-2021-41274 Authentication Bypass by CSRF Weakness
solidusauthdevise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidusauthdevise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevi...