CVE-2021-41275, GHSA-26xx-m4q2-xhq8
gem/spree_auth_devise
Cross-Site Request Forgery (CSRF)
spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework.
* Configured to use :null_session or :reset_session strategies (:null_session is the default when no strategy is given, but the skeleton generated by rails new uses :exception).
All versions up to 4.0.1, all versions starting from 4.1.0 up to 4.4.1
Upgrade to versions 4.1.0.rc1, 4.4.2 or above.
2021-11-24
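A check for the strategy condition described above, as an added example that is not part of the advisory or of the gem's code. It assumes the strategy is declared through Rails' `protect_from_forgery` call with its `with:` option (a name the description does not spell out); the function name and the sample controllers are constructed for illustration.

```ruby
# Added example: classify CSRF strategies declared in Rails controller source.
# Assumption: the strategy is set via `protect_from_forgery with: :<strategy>`.

# Strategies the advisory text names as the affected configuration.
RISKY_STRATEGIES = %i[null_session reset_session].freeze

# Returns one hash per declaration: { line:, strategy:, risky: }.
# A declaration without `with:` counts as :null_session, the default
# the advisory describes.
def forgery_strategies(source)
  source.each_line.with_index(1).each_with_object([]) do |(text, lineno), found|
    code = text.sub(/#.*/, "") # ignore commented-out declarations
    next unless code =~ /\bprotect_from_forgery\b/

    name = code[/\bwith:\s*:(\w+)/, 1] || code[/:with\s*=>\s*:(\w+)/, 1]
    strategy = (name || "null_session").to_sym
    found << { line: lineno, strategy: strategy,
               risky: RISKY_STRATEGIES.include?(strategy) }
  end
end

# Constructed sample input (not taken from any real application).
SAMPLE = <<~RUBY
  class ApplicationController < ActionController::Base
    protect_from_forgery            # no strategy given
  end
  class Admin::BaseController < ApplicationController
    protect_from_forgery with: :exception
  end
  class ApiController < ApplicationController
    protect_from_forgery with: :reset_session, prepend: true
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  forgery_strategies(SAMPLE).each do |f|
    status = f[:risky] ? "REVIEW" : "ok"
    puts format("line %-3d %-15s %s", f[:line], f[:strategy], status)
  end
end
```

A REVIEW result on an affected version of the gem is the combination to prioritise for the upgrade.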