CVE-2021-43846 CSRF forgery protection bypass for Spree::OrdersController#populate

solidusfrontend is the cart and storefront for the Solidus e-commerce project. Versions of solidusfrontend prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery CSRF vulnerability that allows a malicious site to add an item to the user's cart without their knowledge. Versions...