EPSS Percentile: 50.8%
spree_api is vulnerable to a token validation bypass. Because the expiry of the doorkeeper_token is not checked, an attacker can access Storefront API v2 endpoints using expired user tokens.
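The following added example is a simplified model of this bug class, not code from Spree or Doorkeeper: it contrasts a user lookup that trusts any stored token with one that also requires the token to be unexpired and unrevoked. The `Token` struct, the in-memory `TOKENS` store and both `current_user_id_*` helpers are hypothetical; only the predicate names `expired?`, `revoked?` and `accessible?` follow Doorkeeper's token model.

```ruby
# Constructed stand-in for an OAuth access-token record (assumption, not project code).
Token = Struct.new(:value, :user_id, :created_at, :expires_in, :revoked_at) do
  # A token with no expires_in never expires.
  def expired?(now = Time.now)
    !expires_in.nil? && now >= created_at + expires_in
  end

  def revoked?(now = Time.now)
    !revoked_at.nil? && revoked_at <= now
  end

  def accessible?(now = Time.now)
    !expired?(now) && !revoked?(now)
  end
end

# Constructed sample data: fixed clock and four tokens in different states.
NOW = Time.utc(2024, 1, 1, 12, 0, 0)
TOKENS = [
  Token.new("fresh",   1, NOW - 60,   7200, nil),
  Token.new("stale",   2, NOW - 9000, 7200, nil),      # expired 30 minutes ago
  Token.new("revoked", 3, NOW - 60,   7200, NOW - 30),
  Token.new("forever", 4, NOW - 9000, nil,  nil)
].to_h { |t| [t.value, t] }.freeze

# Extract the token value from an Authorization header, or nil if malformed.
def bearer_value(header)
  header.to_s[/\ABearer\s+(\S+)\z/, 1]
end

# Flawed pattern: the token record exists, so its owner is treated as authenticated.
def current_user_id_unchecked(header)
  TOKENS[bearer_value(header)]&.user_id
end

# Hardened pattern: resolve the owner only while the token is still accessible.
def current_user_id_checked(header, now = NOW)
  token = TOKENS[bearer_value(header)]
  token&.accessible?(now) ? token.user_id : nil
end
```

A regression test for the fix should include an expired-but-present token like `stale` above, since a test suite that only uses freshly issued tokens passes against both versions.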
github.com/spree/spree/commit/e43643abfe51f54bd9208dd02298b366e9b9a847
github.com/spree/spree/security/advisories/GHSA-f8cm-364f-q9qh