CVE-2021-41274

Cross-Site Request Forgery (CSRF) in gem/solidus_auth_devise

Identifiers

CVE-2021-41274, GHSA-xm34-v85h-9pg2

Package Slug

gem/solidus_auth_devise

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. Configured to use :null_session or :reset_session strategies (:null_session is the default when no strategy is given, but the skeleton generated by rails --new uses :exception).

Affected Versions

All versions starting from 1.0.0 before 2.5.4

Solution

Upgrade to version 2.5.4 or above.

Last Modified

2021-11-24
