Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/spree_storefront@5.3.2

Type gem

Namespace

Name spree_storefront

Version 5.3.2

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-zffp-88zp-w3hg

vulnerability_id VCID-zffp-88zp-w3hg

summary

Unauthenticated Spree Commerce users can view completed guest orders by Order ID
This issue may lead to disclosure of PII of guest users (including names, addresses and phone numbers).

references

reference_url

https://github.com/spree/spree

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spree/spree

reference_url

https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/storefront/app/controllers/spree/orders_controller.rb#L14

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/storefront/app/controllers/spree/orders_controller.rb#L14

reference_url

https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/storefront/app/controllers/spree/orders_controller.rb#L51C1-L55C8

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/storefront/app/controllers/spree/orders_controller.rb#L51C1-L55C8

reference_url

https://github.com/spree/spree/blob/a878eb4a782ce0445d218ea86fb12075b0e3d7cc/core/lib/spree/core/number_generator.rb#L45

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spree/spree/blob/a878eb4a782ce0445d218ea86fb12075b0e3d7cc/core/lib/spree/core/number_generator.rb#L45

reference_url

https://github.com/spree/spree/commit/3e00be64c128ef4bd4b99731f0c3ab469509cfab

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spree/spree/commit/3e00be64c128ef4bd4b99731f0c3ab469509cfab

reference_url

https://github.com/spree/spree/commit/6b32ed7d474aa55fa441990e6aa39740152aa1be

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spree/spree/commit/6b32ed7d474aa55fa441990e6aa39740152aa1be

reference_url

https://github.com/spree/spree/commit/6f6b8a7a28a8bff24a6e20eab04b4bbbdf39384d

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spree/spree/commit/6f6b8a7a28a8bff24a6e20eab04b4bbbdf39384d

reference_url

https://github.com/spree/spree/commit/ea4a5db590ca753dbc986f2a4e818d9e0edfb1ad

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spree/spree/commit/ea4a5db590ca753dbc986f2a4e818d9e0edfb1ad

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25757

reference_id

CVE-2026-25757

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25757

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/spree_storefront/CVE-2026-25757.yml

reference_id

CVE-2026-25757.YML

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/spree_storefront/CVE-2026-25757.yml

reference_url	https://github.com/advisories/GHSA-p6pv-q7rc-g4h9
reference_id	GHSA-p6pv-q7rc-g4h9
reference_type
scores
url	https://github.com/advisories/GHSA-p6pv-q7rc-g4h9

reference_url

https://github.com/spree/spree/security/advisories/GHSA-p6pv-q7rc-g4h9

reference_id

GHSA-p6pv-q7rc-g4h9

reference_type

scores

value	7.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spree/spree/security/advisories/GHSA-p6pv-q7rc-g4h9

fixed_packages

url	pkg:gem/spree_storefront@5.0.8
purl	pkg:gem/spree_storefront@5.0.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/spree_storefront@5.0.8

url pkg:gem/spree_storefront@5.1.0.beta

purl pkg:gem/spree_storefront@5.1.0.beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zffp-88zp-w3hg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/spree_storefront@5.1.0.beta

url	pkg:gem/spree_storefront@5.1.10
purl	pkg:gem/spree_storefront@5.1.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/spree_storefront@5.1.10

url pkg:gem/spree_storefront@5.2.0.rc1

purl pkg:gem/spree_storefront@5.2.0.rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zffp-88zp-w3hg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/spree_storefront@5.2.0.rc1

url	pkg:gem/spree_storefront@5.2.7
purl	pkg:gem/spree_storefront@5.2.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/spree_storefront@5.2.7

url pkg:gem/spree_storefront@5.3.0.rc1

purl pkg:gem/spree_storefront@5.3.0.rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zffp-88zp-w3hg

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/spree_storefront@5.3.0.rc1

url	pkg:gem/spree_storefront@5.3.2
purl	pkg:gem/spree_storefront@5.3.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/spree_storefront@5.3.2

aliases CVE-2026-25757, GHSA-p6pv-q7rc-g4h9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zffp-88zp-w3hg

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/spree_storefront@5.3.2

Package Instance