1 file changed +9 -4 lines changed
@@ -9,11 +9,11 @@ advisory:
9
9
gem : spree
10
10
cve : 2013-1656
11
11
ghsa : jxx8-v83v-rhw3
12
- url : https://blog.convisoappsec. com/en/spree-commerce-multiple-unsafe-reflection-vulnerabilities-cve-2013-1656
12
+ url : https://github. com/advisories/GHSA-jxx8-v83v-rhw3
13
13
title : Spree controller Parameter Arbitrary Ruby Object Instantiation Command Execution
14
14
date : 2013-02-21
15
15
description : |
16
- Spree Commerce 1.0.x through 1.3.2 allows remote authenticated
16
+ Spree Commerce 1.0.x before 2.0.0.rc1 allows remote authenticated
17
17
administrators to instantiate arbitrary Ruby objects and executd
18
18
arbitrary commands via the
19
19
(1) payment_method parameter to core/app/controllers/spree/admin/
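Review bot: The unchanged context line directly under the edited description still reads "administrators to instantiate arbitrary Ruby objects and executd"; since this hunk already rewrites the description, fix the typo to "execute" in the same change. The new range wording "1.0.x before 2.0.0.rc1" is also harder to parse than the old "through" form. Something like "1.0.x and later versions before 2.0.0.rc1" would state the upper bound unambiguously and line up with the patched_versions entry changed further down.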
@@ -25,8 +25,13 @@ advisory:
25
25
of the constantize function.
26
26
cvss_v2 : 4.3
27
27
patched_versions :
28
- - " >= 2.0.0"
28
+ - " >= 2.0.0.rc1 "
29
29
related :
30
30
url :
31
- - https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
31
+ - https://nvd.nist.gov/vuln/detail/CVE-2013-1656
32
+ - https://github.com/spree/spree/commit/70092eb55b8be8fe5d21a7658b62da658612fba7
33
+ - https://web.archive.org/web/20130907044454/https://www.conviso.com.br/advisories/CVE-2013-1656.txt
34
+ - https://web.archive.org/web/20140329142330/http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
35
+ - https://web.archive.org/web/20140618100330/http://blog.conviso.com.br/2013/03/spree-commerce-multiple-unsafe.html
36
+ - https://github.com/advisories/GHSA-jxx8-v83v-rhw3
32
37
---
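Review bot: The last added entry under related url, https://github.com/advisories/GHSA-jxx8-v83v-rhw3, duplicates the value the first hunk sets as the advisory's primary url, so it can be dropped from the related list. The patched_versions change to ">= 2.0.0.rc1" is consistent with the updated description, and replacing the live spreecommerce.com link with its web.archive.org copy keeps the vendor reference reachable.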