CVE-2008-7311: Credentials Management Errors
(updated )
The session cookie store implementation in Spree uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.
References
Detect and mitigate CVE-2008-7311 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →