Search for packages
| purl | pkg:gem/solidus_api@3.1.5 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-s3ju-k74e-1fbh
Aliases: CVE-2022-31000 GHSA-8639-qx56-r428 |
solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the execution happens on a store administrator's computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-qss2-pgck-eybx | CSRF forgery protection bypass in solidus_frontend |
CVE-2021-43846
GHSA-h3fg-h5v3-vf8m |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T18:25:01.176584+00:00 | GitLab Importer | Affected by | VCID-s3ju-k74e-1fbh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/solidus_api/CVE-2022-31000.yml | 38.6.0 |
| 2026-06-12T15:42:57.865992+00:00 | GitLab Importer | Fixing | VCID-qss2-pgck-eybx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/solidus_api/CVE-2021-43846.yml | 38.6.0 |