News

Spree Commerce Multiple Unsafe Reflection Vulnerabilities (CVE-2013-1656)

Spree Commerce [1] is “a 100% open source e-commerce platform powered by the popular Ruby on Rails framework. It was designed to make customization and upgrades as simple as possible”. We have found Multiple Unsafe Reflection [2] vulnerabilities on it that affected any version >= 1.0.0.

The vendor has provided patches that fix the flaws [3]. Our advisory with more detailed information can be found at our website [4].

[1] http://spreecommerce.com
[2] http://blog.conviso.com.br/exploiting-unsafe-reflection-in
[3] http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
[4] https://www.conviso.com.br/advisories/CVE-2013-1656.txt

Originalmente postado no Blog da Conviso Application Security – Siga-nos no Twitter @conviso Google+
About author

Articles

A team of professionals, highly connected on news, techniques and information about application security
Related posts
Application SecurityNews

The Amazing Electrosphere

In the daily journey of security analysts, when performing intrusion tests, some steps end up being…
Read more
Application SecurityCode FightersNews

Research: CVE-2021-43076 and the Risks Caused by Insecure Design

In the latest edition of OWASP TOP 10 Vulnerabilities 2021, some new categories were introduced in…
Read more
Application SecurityCode FightersNews

Case Study: Plone CVE-2021-33512 and Threat Modeling with Conviso Platform

An internal project by Conviso’s Consulting team, called ConsultingLabs, was created with the…
Read more

1 Comment

Deixe um comentário

%d bloggers like this: