Lucene search
K

6 matches found

Veracode
Veracode
added 2021/11/18 5:1 a.m.19 views

Authentication Bypass

spreeauthdevise is vulnerable to authentication bypass. An attacker can takeover an account through CSRF if protectfromforgery method satisfy both below: 1Executed whether as: A beforeaction callback the default A prependbeforeaction option prepend: true given before the :loadobject hook in...

9.3CVSS2.7AI score0.0052EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2021/11/18 4:29 a.m.18 views

Authentication Bypass

solidusauthdevise is vulnerable to authentication bypass. An attacker can takeover an account through CSRF if protectfromforgery method satisfy both: 1Executed whether as: A beforeaction callback the default 2A prependbeforeaction option prepend: true given before the :loadobject hook in...

9.3CVSS2.6AI score0.00609EPSS
Exploits1References4Affected Software2
NVD
NVD
added 2021/11/17 8:15 p.m.26 views

CVE-2021-41274

solidusauthdevise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidusauthdevise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevi...

9.3CVSS0.00609EPSS
Exploits1References2
OSV
OSV
added 2021/11/17 8:15 p.m.15 views

CVE-2021-41274

solidusauthdevise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidusauthdevise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevi...

8.8CVSS8.8AI score0.00609EPSS
Exploits1References2
Prion
Prion
added 2021/11/17 8:15 p.m.21 views

Cross site request forgery (csrf)

solidusauthdevise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidusauthdevise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevi...

6.8CVSS8.7AI score0.00609EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/11/17 7:55 p.m.29 views

CVE-2021-41274 Authentication Bypass by CSRF Weakness

solidusauthdevise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidusauthdevise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevi...

9.3CVSS9.5AI score0.00609EPSS
Exploits1References2
Rows per page
Query Builder