CVE-2021-41275

Cross-Site Request Forgery (CSRF) in gem/spree_auth_devise

Identifiers

CVE-2021-41275, GHSA-26xx-m4q2-xhq8

Package Slug

gem/spree_auth_devise

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

spree_auth_devise is an open source library that provides authentication and authorization services for the Spree storefront framework, built on the underlying Devise authentication framework.

* Configured to use :null_session or :reset_session strategies (:null_session is the default when no strategy is given, but the skeleton generated by rails new uses :exception).

Affected Versions

All versions up to 4.0.1, all versions starting from 4.1.0 up to 4.4.1

Solution

Upgrade to versions 4.1.0.rc1, 4.4.2 or above.
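
An audit helper for this advisory, added here as an example (it is not code from the advisory or from spree_auth_devise): it checks Gemfile.lock text against the affected ranges listed above and reports which strategy a controller's protect_from_forgery call selects. The helper names and the sample lockfile and controller are constructed for illustration; protect_from_forgery is the Rails method that takes these strategies.

```ruby
# Added example: version ranges and strategy names come from the advisory text.
LISTED_STRATEGIES = %w[null_session reset_session].freeze

# True if the version falls in a range the advisory lists as affected.
# Gem::Version orders prereleases correctly: 4.1.0.rc1 sorts before 4.1.0.
def affected_version?(version)
  v = Gem::Version.new(version)
  v <= Gem::Version.new("4.0.1") ||
    (v >= Gem::Version.new("4.1.0") && v <= Gem::Version.new("4.4.1"))
end

# Resolved spree_auth_devise version from Gemfile.lock text, or nil.
# Resolved specs are indented by four spaces; dependency lines by six.
def locked_version(lockfile)
  lockfile[/^ {4}spree_auth_devise \(([^)]+)\)\s*$/, 1]
end

# Strategy of the first uncommented protect_from_forgery call, or nil when
# the source has no call. No `with:` means :null_session, per the advisory.
def forgery_strategy(source)
  args = source[/^\s*protect_from_forgery\b(.*)$/, 1]
  return nil unless args
  args[/\bwith:\s*:(\w+)/, 1] || args[/:with\s*=>\s*:(\w+)/, 1] || "null_session"
end

def audit(lockfile, controller_source)
  version = locked_version(lockfile)
  strategy = forgery_strategy(controller_source)
  { version: version, strategy: strategy,
    affected_version: !version.nil? && affected_version?(version),
    listed_strategy: LISTED_STRATEGIES.include?(strategy) }
end

# Constructed sample inputs, not taken from any real application.
SAMPLE_LOCK = <<~LOCK
  GEM
    specs:
      spree_auth_devise (4.4.0)
LOCK
SAMPLE_CONTROLLER = <<~RUBY
  class ApplicationController < ActionController::Base
    protect_from_forgery
  end
RUBY

p audit(SAMPLE_LOCK, SAMPLE_CONTROLLER) if $PROGRAM_NAME == __FILE__
```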

Last Modified

2021-11-24
