Search for packages
| purl | pkg:gem/solidus_core@2.11.12 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1amr-xv82-93ac
Aliases: CVE-2021-43805 GHSA-qxmr-qxh6-2cc9 |
Inefficient Regular Expression Complexity Solidus is a free, open-source ecommerce platform built on Rails.If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-c2de-ucf9-eqcp
Aliases: GHSA-5629-8855-gf4g GMS-2021-4 |
Authentication Bypass by CSRF Weakness ### Impact The actual vulnerability has been discovered on `solidus_auth_devise`. See [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2) for details. The security advisory here exists to provide an extra layer of security in the form of a monkey patch for users who don't update `solidus_auth_devise`. For this reason, it has been marked as low impact on this end. ### Patches For extra security, update `solidus_core` to versions `3.1.3`, `3.0.3` or `2.11.12`. ### Workarounds Look at the workarounds described at [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2). ### References - [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2). ### For more information If you have any questions or comments about this advisory: * Open an issue in [solidus_auth_devise](https://github.com/solidusio/solidus_auth_devise/issues) or a discussion in [solidus](https://github.com/solidusio/solidus/discussions) * Email us at [security@solidus.io](mailto:security@soliidus.io) * Contact the core team on [Slack](http://slack.solidus.io/) |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-c2de-ucf9-eqcp | Authentication Bypass by CSRF Weakness ### Impact The actual vulnerability has been discovered on `solidus_auth_devise`. See [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2) for details. The security advisory here exists to provide an extra layer of security in the form of a monkey patch for users who don't update `solidus_auth_devise`. For this reason, it has been marked as low impact on this end. ### Patches For extra security, update `solidus_core` to versions `3.1.3`, `3.0.3` or `2.11.12`. ### Workarounds Look at the workarounds described at [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2). ### References - [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2). ### For more information If you have any questions or comments about this advisory: * Open an issue in [solidus_auth_devise](https://github.com/solidusio/solidus_auth_devise/issues) or a discussion in [solidus](https://github.com/solidusio/solidus/discussions) * Email us at [security@solidus.io](mailto:security@soliidus.io) * Contact the core team on [Slack](http://slack.solidus.io/) |
GHSA-5629-8855-gf4g
GMS-2021-4 |