CVE-2020-15269

Published about 1 month ago
Category: Authentication
Source: GitHub
Severity: Critical

Vulnerability in spree

Impact

An attacker who had previously obtained an old, expired user token could use it to access Storefront API v2 endpoints.

Patches

Please upgrade to 3.7.11, 4.0.4, or 4.1.11, depending on the Spree version you use.

CVSS Metrics
Access Vector: n/a
Access Complexity: n/a
Authentication: n/a
Confidentiality Impact: n/a
Integrity Impact: n/a
Availability Impact: n/a

Patched Versions

~> 3.7.11, ~> 4.0.4, >= 4.1.11

Unaffected Versions

< 3.7.0
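
A check of a Gemfile.lock against the patched and unaffected version ranges listed above, as an added example that is not part of the advisory or of Spree's own code. It assumes the spree, spree_api and spree_core gems carry the Spree release version; SAMPLE_LOCK is a constructed lockfile fragment.

```ruby
require "rubygems"

# Version ranges copied from the advisory text above.
PATCHED = ["~> 3.7.11", "~> 4.0.4", ">= 4.1.11"].map { |r| Gem::Requirement.new(r) }
UNAFFECTED = [Gem::Requirement.new("< 3.7.0")].freeze

# Classify one Spree version string as :unaffected, :patched or :vulnerable.
def spree_status(version)
  v = Gem::Version.new(version)
  return :unaffected if UNAFFECTED.any? { |r| r.satisfied_by?(v) }
  return :patched if PATCHED.any? { |r| r.satisfied_by?(v) }

  :vulnerable
end

# Extract resolved versions from Gemfile.lock text. Resolved specs are
# indented exactly four spaces ("    spree_api (4.1.10)"); dependency
# constraints are indented six and are deliberately not matched.
def locked_spree_versions(lockfile_text)
  lockfile_text.scan(/^ {4}(spree(?:_core|_api)?) \(([^)\s]+)\)$/).to_h
end

# Map each locked Spree gem to its status under this advisory.
def audit(lockfile_text)
  locked_spree_versions(lockfile_text).transform_values { |v| spree_status(v) }
end

# Constructed sample lockfile fragment (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      spree (4.1.10)
        spree_api (= 4.1.10)
      spree_api (4.1.10)
        spree_core (= 4.1.10)
      spree_core (4.1.10)
LOCK

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  audit(text).each { |gem_name, status| puts "#{gem_name}: #{status}" }
end
```

Pass the path to a project's Gemfile.lock as the first argument to audit it instead of the sample.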

References

n/a