Spree Commerce Multiple Unsafe Reflection Vulnerabilities (CVE-2013-1656)

Spree Commerce [1] is “a 100% open source e-commerce platform powered by the popular Ruby on Rails framework. It was designed to make customization and upgrades as simple as possible”. We have found multiple Unsafe Reflection [2] vulnerabilities in it, affecting any version >= 1.0.0.

The vendor has provided patches that fix the flaws [3]. Our advisory, with more detailed information, can be found on our website [4].

[1] http://spreecommerce.com
[2] http://blog.conviso.com.br/exploiting-unsafe-reflection-in
[3] http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
[4] https://www.conviso.com.br/advisories/CVE-2013-1656.txt

Originally posted on the Conviso Application Security Blog. Follow us on Twitter: @conviso.