Search for packages
| purl | pkg:gem/solidus_api@3.0.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6n5g-nh97-nbbf
Aliases: CVE-2021-43846 GHSA-h3fg-h5v3-vf8m |
Cross-Site Request Forgery (CSRF) `solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user's cart without their knowledge. contain a patch for this issue. The patch adds CSRF token verification to the "Add to cart" action. Adding forgery protection to a form that missed it can have some side effects. Other CSRF protection strategies as well as a workaround involving modifcation to config/application.rb` are available. More details on these mitigations are available in the GitHub Security Advisory. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:40:47.013821+00:00 | GitLab Importer | Affected by | VCID-6n5g-nh97-nbbf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/solidus_api/CVE-2021-43846.yml | 38.6.0 |