Search for packages
| purl | pkg:gem/solidus_backend@2.2.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-s3ju-k74e-1fbh
Aliases: CVE-2022-31000 GHSA-8639-qx56-r428 |
solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the execution happens on a store administrator's computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch. |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-13T09:22:13.275774+00:00 | Ruby Importer | Affected by | VCID-s3ju-k74e-1fbh | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/solidus_backend/CVE-2022-31000.yml | 38.6.0 |
| 2026-06-12T18:24:59.386389+00:00 | GitLab Importer | Affected by | VCID-s3ju-k74e-1fbh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/solidus_backend/CVE-2022-31000.yml | 38.6.0 |