Commit 37d482b

jasnow authored and RubySec CI committed
Updated advisory posts against rubysec/ruby-advisory-db@386b1cf
1 parent 53a34c6 commit 37d482b

1 file changed

+9
-4
lines changed

advisories/_posts/2013-02-21-CVE-2013-1656.md

Lines changed: 9 additions & 4 deletions
@@ -9,11 +9,11 @@ advisory:
99
gem: spree
1010
cve: 2013-1656
1111
ghsa: jxx8-v83v-rhw3
12-
url: https://blog.convisoappsec.com/en/spree-commerce-multiple-unsafe-reflection-vulnerabilities-cve-2013-1656
12+
url: https://github.com/advisories/GHSA-jxx8-v83v-rhw3
1313
title: Spree controller Parameter Arbitrary Ruby Object Instantiation Command Execution
1414
date: 2013-02-21
1515
description: |
16-
Spree Commerce 1.0.x through 1.3.2 allows remote authenticated
16+
Spree Commerce 1.0.x before 2.0.0.rc1 allows remote authenticated
1717
administrators to instantiate arbitrary Ruby objects and executd
1818
arbitrary commands via the
1919
(1) payment_method parameter to core/app/controllers/spree/admin/
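Review bot: The description still carries the typo "executd" on new line 17 ("instantiate arbitrary Ruby objects and executd"), directly below the line this hunk rewrites. Since the description is being touched anyway, correct it to "execute" in the same change so the advisory text reads cleanly wherever it is displayed or searched.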
@@ -25,8 +25,13 @@ advisory:
2525
of the constantize function.
2626
cvss_v2: 4.3
2727
patched_versions:
28-
- ">= 2.0.0"
28+
- ">= 2.0.0.rc1"
2929
related:
3030
url:
31-
- https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
31+
- https://nvd.nist.gov/vuln/detail/CVE-2013-1656
32+
- https://github.com/spree/spree/commit/70092eb55b8be8fe5d21a7658b62da658612fba7
33+
- https://web.archive.org/web/20130907044454/https://www.conviso.com.br/advisories/CVE-2013-1656.txt
34+
- https://web.archive.org/web/20140329142330/http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
35+
- https://web.archive.org/web/20140618100330/http://blog.conviso.com.br/2013/03/spree-commerce-multiple-unsafe.html
36+
- https://github.com/advisories/GHSA-jxx8-v83v-rhw3
3237
---
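Review bot: The last added entry under related (new line 36, https://github.com/advisories/GHSA-jxx8-v83v-rhw3) duplicates the value the first hunk sets as the advisory's primary url on new line 12. Drop it from the related list so each reference appears once. The patched_versions bound ">= 2.0.0.rc1" on new line 28 matches the reworded description ("before 2.0.0.rc1"), so those two stay consistent.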