{"url":"http://public2.vulnerablecode.io/api/packages/52199?format=json","purl":"pkg:gem/spree@2.3.8","type":"gem","namespace":"","name":"spree","version":"2.3.8","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.4.5","latest_non_vulnerable_version":"3.0.5","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37819?format=json","vulnerability_id":"VCID-s4mu-v75h-dfep","summary":"Private information access through CSRF\nA vulnerability in the API can allow an attacker to commit CSRF gaining access to private information.","references":[{"reference_url":"http://osvdb.org/show/osvdb/119205","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/show/osvdb/119205"},{"reference_url":"https://spreecommerce.com/blog/security-updates-2015-3-3","reference_id":"","reference_type":"","scores":[],"url":"https://spreecommerce.com/blog/security-updates-2015-3-3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52198?format=json","purl":"pkg:gem/spree@2.2.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/spree@2.2.10"},{"url":"http://public2.vulnerablecode.io/api/packages/52199?format=json","purl":"pkg:gem/spree@2.3.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/spree@2.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/52200?format=json","purl":"pkg:gem/spree@2.4.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/spree@2.4.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52201?format=json","purl":"pkg:gem/spree@3.0.0.rc4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/spree@3.0.0.rc4"}],"aliases":["OSVDB-119205"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s4mu-v75h-dfep"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/spree@2.3.8"}