The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote malicious users to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
spreecommerce spree 0.2.0 |