Package impact
RubyGems / spree
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-3978 | medium | — | 5.0 | 16y ago | Spree allows remote attackers to obtain sensitive information | |||
| CVE-2008-7310 | medium | — | 5.0 | 18y ago | Spree does not properly restrict the use of a hash to provide values for a model's attributes | |||
| CVE-2008-7311 | medium | — | 5.0 | 18y ago | Spree uses a hardcoded hash value | |||
| CVE-2013-1656 | medium | — | 4.3 | 14y ago | Spree Improper Input Validation vulnerability | |||
| CVE-2013-2506 | medium | — | 4.0 | 14y ago | spree_auth_devise allows remote authenticated users to assign themselves arbitrary roles |