Search for packages
| purl | pkg:gem/spree@2.2.8 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-cwh1-mmky-ukcx
Aliases: CVE-2020-15269 GHSA-f8cm-364f-q9qh |
Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls ### Impact The perpetrator who previously obtained an old expired user token could use it to access Storefront API v2 endpoints. ### Patches Please upgrade to 3.7.11, 4.0.4, or 4.1.11 depending on your used Spree version. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-s4mu-v75h-dfep
Aliases: OSVDB-119205 |
Private information access through CSRF A vulnerability in the API can allow an attacker to commit CSRF gaining access to private information. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:40:10.447348+00:00 | GitLab Importer | Affected by | VCID-cwh1-mmky-ukcx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/spree/CVE-2020-15269.yml | 38.6.0 |
| 2026-06-04T20:04:44.320791+00:00 | GitLab Importer | Affected by | VCID-s4mu-v75h-dfep | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/spree/OSVDB-119205.yml | 38.6.0 |