Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/spree_core@4.1.14

Type gem

Namespace

Name spree_core

Version 4.1.14

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.10.2

Latest_non_vulnerable_version 5.2.5

Affected_by_vulnerabilities

url VCID-1373-hmyc-sqbx

vulnerability_id VCID-1373-hmyc-sqbx

summary

Spree API has Unauthenticated IDOR - Guest Address
An Unauthenticated Insecure Direct Object Reference (IDOR) vulnerability was identified that allows an unauthenticated attacker to access guest address information without supplying valid credentials or session cookies.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22589

reference_id

reference_type

scores

value	0.00089
scoring_system	epss
scoring_elements	0.25386
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22589

reference_url

https://github.com/spree/spree

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spree/spree

reference_url

https://github.com/spree/spree/commit/16067def6de8e0742d55313e83b0fbab6d2fd795

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T17:32:40Z/

url

https://github.com/spree/spree/commit/16067def6de8e0742d55313e83b0fbab6d2fd795

reference_url

https://github.com/spree/spree/commit/4c2bd62326fba0d846fd9e4bad2c62433829b3ad

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T17:32:40Z/

url

https://github.com/spree/spree/commit/4c2bd62326fba0d846fd9e4bad2c62433829b3ad

reference_url

https://github.com/spree/spree/commit/d051925778f24436b62fa8e4a6b842c72ca80a67

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T17:32:40Z/

url

https://github.com/spree/spree/commit/d051925778f24436b62fa8e4a6b842c72ca80a67

reference_url

https://github.com/spree/spree/commit/e1cff4605eb15472904602aebaf8f2d04852d6ad

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T17:32:40Z/

url

https://github.com/spree/spree/commit/e1cff4605eb15472904602aebaf8f2d04852d6ad

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-22589

reference_id

CVE-2026-22589

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-22589

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/spree_core/CVE-2026-22589.yml

reference_id

CVE-2026-22589.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/spree_core/CVE-2026-22589.yml

reference_url

https://github.com/advisories/GHSA-3ghg-3787-w2xr

reference_id

GHSA-3ghg-3787-w2xr

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3ghg-3787-w2xr

reference_url

https://github.com/spree/spree/security/advisories/GHSA-3ghg-3787-w2xr

reference_id

GHSA-3ghg-3787-w2xr

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T17:32:40Z/

url

https://github.com/spree/spree/security/advisories/GHSA-3ghg-3787-w2xr

fixed_packages

url	pkg:gem/spree_core@4.10.2
purl	pkg:gem/spree_core@4.10.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/spree_core@4.10.2

url	pkg:gem/spree_core@5.0.7
purl	pkg:gem/spree_core@5.0.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/spree_core@5.0.7

url pkg:gem/spree_core@5.1.0.beta

purl pkg:gem/spree_core@5.1.0.beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1373-hmyc-sqbx

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/spree_core@5.1.0.beta

url	pkg:gem/spree_core@5.1.9
purl	pkg:gem/spree_core@5.1.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/spree_core@5.1.9

url pkg:gem/spree_core@5.2.0.rc1

purl pkg:gem/spree_core@5.2.0.rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1373-hmyc-sqbx

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/spree_core@5.2.0.rc1

url	pkg:gem/spree_core@5.2.5
purl	pkg:gem/spree_core@5.2.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/spree_core@5.2.5

aliases CVE-2026-22589, GHSA-3ghg-3787-w2xr

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1373-hmyc-sqbx

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/spree_core@4.1.14

Package Instance