VulnerableCode Package Details - pkg:gem/solidus

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-c2de-ucf9-eqcp	Authentication Bypass by CSRF Weakness ### Impact The actual vulnerability has been discovered on `solidus_auth_devise`. See [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2) for details. The security advisory here exists to provide an extra layer of security in the form of a monkey patch for users who don't update `solidus_auth_devise`. For this reason, it has been marked as low impact on this end. ### Patches For extra security, update `solidus_core` to versions `3.1.3`, `3.0.3` or `2.11.12`. ### Workarounds Look at the workarounds described at [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2). ### References - [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2). ### For more information If you have any questions or comments about this advisory: * Open an issue in [solidus_auth_devise](https://github.com/solidusio/solidus_auth_devise/issues) or a discussion in [solidus](https://github.com/solidusio/solidus/discussions) * Email us at [security@solidus.io](mailto:security@soliidus.io) * Contact the core team on [Slack](http://slack.solidus.io/)	GHSA-5629-8855-gf4g GMS-2021-4

Vulnerability

Summary

Aliases

VCID-c2de-ucf9-eqcp

Authentication Bypass by CSRF Weakness ### Impact The actual vulnerability has been discovered on `solidus_auth_devise`. See [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2) for details. The security advisory here exists to provide an extra layer of security in the form of a monkey patch for users who don't update `solidus_auth_devise`. For this reason, it has been marked as low impact on this end. ### Patches For extra security, update `solidus_core` to versions `3.1.3`, `3.0.3` or `2.11.12`. ### Workarounds Look at the workarounds described at [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2). ### References - [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2). ### For more information If you have any questions or comments about this advisory: * Open an issue in [solidus_auth_devise](https://github.com/solidusio/solidus_auth_devise/issues) or a discussion in [solidus](https://github.com/solidusio/solidus/discussions) * Email us at [security@solidus.io](mailto:security@soliidus.io) * Contact the core team on [Slack](http://slack.solidus.io/)

GHSA-5629-8855-gf4g
GMS-2021-4

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:40:32.057526+00:00	GitLab Importer	Fixing	VCID-c2de-ucf9-eqcp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/solidus_core/GMS-2021-4.yml	38.6.0

2026-06-02T04:40:32.057526+00:00

GitLab Importer

Fixing

VCID-c2de-ucf9-eqcp

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/solidus_core/GMS-2021-4.yml

38.6.0