Spree Commerce Multiple Unsafe Reflection Vulnerabilities (CVE-2013-1656)

Spree Commerce [1] is “a 100% open source e-commerce platform powered by the popular Ruby on Rails framework. It was designed to make customization and upgrades as simple as possible”. We have found multiple Unsafe Reflection [2] vulnerabilities in it that affected any version >= 1.0.0.

The vendor has provided patches that fix the flaws [3]. Our advisory, with more detailed information, can be found on our website [4].

[1] http://spreecommerce.com
[2] http://blog.conviso.com.br/exploiting-unsafe-reflection-in
[3] http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
[4] https://www.conviso.com.br/advisories/CVE-2013-1656.txt

Originally posted on the Conviso Application Security Blog.