Spree Commerce Multiple Unsafe Reflection Vulnerabilities (CVE-2013-1656)

Spree Commerce [1] is “a 100% open source e-commerce platform powered by the popular Ruby on Rails framework. It was designed to make customization and upgrades as simple as possible”. We have found Multiple Unsafe Reflection [2] vulnerabilities on it that affected any version >= 1.0.0.

The vendor has provided patches that fix the flaws [3]. Our advisory with more detailed information can be found at our website [4].

[1] http://spreecommerce.com
[2] http://blog.conviso.com.br/exploiting-unsafe-reflection-in
[3] http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
[4] https://www.conviso.com.br/advisories/CVE-2013-1656.txt

Originalmente postado no Blog da Conviso Application Security – Siga-nos no Twitter @conviso Google+


Deixe um comentário

%d bloggers like this: