Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/spree_core@5.2.5
purl pkg:gem/spree_core@5.2.5
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-rn35-cgp8-tfc1 Spree API has Unauthenticated IDOR - Guest Address An Unauthenticated Insecure Direct Object Reference (IDOR) vulnerability was identified that allows an unauthenticated attacker to access guest address information without supplying valid credentials or session cookies. CVE-2026-22589
GHSA-3ghg-3787-w2xr

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:49:26.469975+00:00 GitLab Importer Fixing VCID-rn35-cgp8-tfc1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/spree_core/CVE-2026-22589.yml 38.6.0