CVE-2021-41274, GHSA-xm34-v85h-9pg2
gem/solidusauthdevise
Cross-Site Request Forgery (CSRF)
solidusauthdevise provides authentication services for the Solidus webstore framework, using the Devise gem.Configured to use :null_session
or :reset_session
strategies (:null_session
is the default in case the no strategy is given, but rails --new
generated skeleton use :exception
).
All versions starting from 1.0.0 before 2.5.4
Upgrade to version 2.5.4 or above.
2021-11-24
source |