CVE-2021-41275
The CVE-2021-41275 entry affects spree_auth_devise (used with Spree storefronts) and describes a CSRF vulnerability that can lead to user account takeover when protect_from_forgery is misconfigured (before_action and optional prepend_before_action before Spree::UserController::load_object) and th...