spree_auth_devise
RubyGems | 2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting spree_auth_devise
- CVE-2013-2506 | NONE | CVSS 0.0 | ✓ Fixed in 3.0.5 | 2013-03-08
vulnerable: 1.0.0, 1.0.1, 1.2.0, 1.3.1
app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves.
- CVE-2021-41275 | CRITICAL | CVSS 9.3 | EG 9.3 | ✓ Fixed in 4.0.1 | 2021-11-17
vulnerable: 1.0.0 ... 4.0.0.rc2 (22 versions)
spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spree_auth_devise…