pkg:RubyGems/spree

7 total CVEs (CRITICAL: 1, HIGH: 1)

All known vulnerabilities

  • CRITICAL 9.8, CVE-2011-10019: Spree has Remote Command Execution vulnerability in search functionality
    from 0, < 0.60.2
  • HIGH 7.4, CVE-2020-15269: Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls
    from 0, < 3.7.11
  • CVE-2011-10026: Spree Commerce is vulnerable to RCE through Search API
    >= 0.30.0.beta1, < 0.50.0
  • CVE-2008-7310: Spree does not properly restrict the use of a hash to provide values for a model's attributes
    from 0, < 0.4.0
  • CVE-2008-7311: Spree uses a hardcoded hash value
    from 0, < 0.4.0
  • CVE-2010-3978: Spree allows remote attackers to obtain sensitive information
    >= 0.11.0, < 0.11.2
  • CVE-2013-1656: Spree Improper Input Validation vulnerability
    >= 1.0.0, < 2.0.0.rc1