Spree Commerce [1] is “a 100% open source e-commerce platform powered by the popular Ruby on Rails framework. It was designed to make customization and upgrades as simple as possible”. We found multiple Unsafe Reflection [2] vulnerabilities in it that affected all versions >= 1.0.0.
The vendor has provided patches that fix the flaws [3]. Our advisory, with more detailed information, can be found on our website [4].
[1] http://spreecommerce.com
[2] http://blog.conviso.com.br/exploiting-unsafe-reflection-in
[3] http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
[4] https://www.conviso.com.br/advisories/CVE-2013-1656.txt