Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spreecommerce spree 0.2.0 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2008-7311
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote malicious users to bypass cryptographic protection mechanisms by leveraging an application that contains this val...
Spreecommerce Spree 0.2.0
5
CVSSv2
CVE-2008-7310
Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote malicious users to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerabili...
Spreecommerce Spree 0.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started