CVE-2021-41274
The CVE-2021-41274 entry concerns solidus_auth_devise, which provides authentication for Solidus via the Devise gem. A CSRF weakness allows account takeover when protect_from_forgery is executed before the :load_object hook in Spree::UserController, for configurations using :null_session or :rese...