spree_auth_devise is vulnerable to authentication bypass. An attacker can takeover an account through CSRF if protect_from_forgery method satisfy both below: 1)Executed whether as: * A before_action callback (the default) * A prepend_before_action (option prepend: true given) before the :load_object hook in Spree::UserController (most likely order to find). 2)Configured to use :null_session or :reset_session strategies (:null_session is the default in case the no strategy is given, but rails --new generated skeleton use :exception).
CPE | Name | Operator | Version |
---|---|---|---|
spree_auth_devise | le | 4.4.0 | |
spree_auth_devise | le | 4.2.0 | |
spree_auth_devise | le | 4.4.0 | |
spree_auth_devise | le | 4.2.0 |