15 matches found
EUVD-2021-2276
Malware in sbrugna...
CVE-2021-41275
spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spree_auth_devise is subject to a CSRF vulnerability that allows user account...
GHSA-JP57-9J37-5476 spree_auth_devise allows remote authenticated users to assign themselves arbitrary roles
app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves...
GHSA-GPQC-4PP7-5954 Duplicate Advisory: Authentication Bypass by CSRF Weakness
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-26xx-m4q2-xhq8. This link is maintained to preserve external references. Original Description Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend...
GHSA-6MQR-Q86Q-6GWR Duplicate Advisory: Authentication Bypass by CSRF Weakness
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-26xx-m4q2-xhq8. This link is maintained to preserve external references. Original Description Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via spree_auth_devise. Note: The package is affected only if the protect_from_forgery method is both: (1) executed, whether as (a) a before_action callback (the default) or (b) a prepend_before_action (option prepend: true) give...
Authentication Bypass
spree_auth_devise is vulnerable to authentication bypass. An attacker can take over an account through CSRF if the protect_from_forgery method satisfies both of the following: (1) executed, whether as a before_action callback (the default) or a prepend_before_action (option prepend: true) given before the :load_object hook in...
Authentication Bypass by CSRF Weakness
Impact: CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spree_auth_devise are affected if the protect_from_forgery method is both: executed, whether as a before_action callback (the default) or a prepend_before_action (option prepend: true) given...
CVE-2021-41275
spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spree_auth_devise is subject to a CSRF vulnerability that allows user account...
Cross-site request forgery (CSRF)
spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spree_auth_devise is subject to a CSRF vulnerability that allows user account...
CVE-2021-41275
The CVE-2021-41275 entry affects spree_auth_devise (used with Spree storefronts) and describes a CSRF vulnerability that can lead to user account takeover when protect_from_forgery is misconfigured (before_action and optional prepend_before_action before Spree::UserController::load_object) and th...
CVE-2021-41275 Authentication Bypass by CSRF Weakness
spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spree_auth_devise is subject to a CSRF vulnerability that allows user account...