| CVE-2010-3978 |
medium |
— |
5.0 |
|
|
|
16y ago |
Spree allows remote attackers to obtain sensitive information |
| CVE-2008-7310 |
medium |
— |
5.0 |
|
|
|
18y ago |
Spree does not properly restrict the use of a hash to provide values for a model's attributes |
| CVE-2008-7311 |
medium |
— |
5.0 |
|
|
|
18y ago |
Spree uses a hardcoded hash value |
| CVE-2013-1656 |
medium |
— |
4.3 |
|
|
|
14y ago |
Spree Improper Input Validation vulnerability |
| CVE-2013-2506 |
medium |
— |
4.0 |
|
|
|
14y ago |
spree_auth_devise allows remote authenticated users to assign themselves arbitrary roles |
| CVE-2011-10026 |
unknown |
— |
1.0 |
|
|
|
10mo ago |
Spree Commerce is vulnerable to RCE through Search API |
| CVE-2011-10019 |
unknown |
— |
1.0 |
|
|
|
16y ago |
Spree has Remote Command Execution vulnerability in search functionality |
| CVE-2020-15269 |
unknown |
— |
— |
|
|
|
6y ago |
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls |