Spree Commerce  is “a 100% open source e-commerce platform powered by the popular Ruby on Rails framework. It was designed to make customization and upgrades as simple as possible”. We have found Multiple Unsafe Reflection  vulnerabilities on it that affected any version >= 1.0.0.
The vendor has provided patches that fix the flaws . Our advisory with more detailed information can be found at our website .