Search for packages
| purl | pkg:gem/solidus_api@2.10.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-qss2-pgck-eybx
Aliases: CVE-2021-43846 GHSA-h3fg-h5v3-vf8m |
CSRF forgery protection bypass in solidus_frontend |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-s3ju-k74e-1fbh
Aliases: CVE-2022-31000 GHSA-8639-qx56-r428 |
solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the execution happens on a store administrator's computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T18:25:01.035949+00:00 | GitLab Importer | Affected by | VCID-s3ju-k74e-1fbh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/solidus_api/CVE-2022-31000.yml | 38.6.0 |
| 2026-06-12T17:54:34.899435+00:00 | GitLab Importer | Affected by | VCID-qss2-pgck-eybx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/solidus_api/CVE-2021-43846.yml | 38.6.0 |