Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) in spree_auth_devise.
spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework, built on the Devise authentication framework. It is vulnerable to CSRF when Rails forgery protection is configured to use the :null_session or :reset_session strategy (:null_session is the default when no strategy is given, but the skeleton generated by rails new uses :exception).
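The reason the strategy matters is what happens after a state-changing request arrives without a valid authenticity token. The following is an added example, not code from spree_auth_devise or Rails: a minimal plain-Ruby model of protect_from_forgery's handling of an unverified request under each strategy. Every name in it (Request, dispatch, forged_request, and so on) is the example's own, and the sample session and parameters are constructed. It shows that only :exception refuses the request before the action runs; :null_session and :reset_session merely swap or wipe the session and then execute the action with the attacker-chosen parameters, so anything the action does that does not depend on the cookie session still happens.

```ruby
# Added example (not code from spree_auth_devise or Rails): a minimal model of
# what protect_from_forgery does when a state-changing request arrives without
# a valid authenticity token, under each strategy. All names below are this
# example's own; the sample session and parameters are constructed.

class InvalidAuthenticityToken < StandardError; end

# Constructed request: submitted params plus the session loaded from the cookie.
Request = Struct.new(:params, :session)

def verified?(request)
  token = request.session[:csrf_token]
  !token.nil? && request.params[:authenticity_token] == token
end

# Mirrors Rails' handle_unverified_request: only :exception stops the request;
# :null_session and :reset_session just change the session the action sees.
def handle_unverified_request(request, strategy)
  case strategy
  when :null_session  then request.session = {}     # action runs with an empty session
  when :reset_session then request.session.clear    # existing session wiped, action runs
  when :exception     then raise InvalidAuthenticityToken
  else raise ArgumentError, "unknown strategy #{strategy.inspect}"
  end
end

# Dispatch like a controller: CSRF check first, then the action. The action
# reports whether it ran and which session it was handed, which is the point.
def dispatch(request, strategy)
  handle_unverified_request(request, strategy) unless verified?(request)
  { action_ran: true, session: request.session.dup, params: request.params }
end

# A forged cross-site POST: attacker-chosen params, no authenticity_token. The
# browser still attaches the victim's cookie, so the victim's session is loaded.
def forged_request
  Request.new({ login: 'victim@example.com', password: 'attacker-chosen' },
              { csrf_token: 'abc123', user_id: 42 })
end

# The same form submitted from the site's own page, token and all.
def genuine_request
  Request.new({ login: 'victim@example.com', password: 'real', authenticity_token: 'abc123' },
              { csrf_token: 'abc123', user_id: 42 })
end

def outcome(strategy, request = forged_request)
  dispatch(request, strategy)
rescue InvalidAuthenticityToken
  { action_ran: false }
end

if __FILE__ == $PROGRAM_NAME
  %i[null_session reset_session exception].each do |s|
    puts "#{s}: #{outcome(s).inspect}"
  end
end
```

Running the file prints one line per strategy: under :null_session the action runs with an empty session, under :reset_session it runs after the victim's session has been cleared, and under :exception it never runs. This is why an application that leaves the default :null_session in place, or chooses :reset_session, still needs every sensitive action to fail closed rather than relying on the session swap alone.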
app/models/spree/user.rb in spree_auth_devise in Spree does not perform mass assignment safely when updating a user: the attributes submitted with the update request are assigned without an allowlist, which allows remote authenticated users to assign arbitrary roles to themselves.
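The following is an added example, not spree_auth_devise's own code: a plain-Ruby model of the mass-assignment problem described above, with the unsafe update beside an allowlisted one. The User class, its attribute names, PROFILE_FIELDS and the sample request body are this example's own and are constructed; they stand in for whatever fields the real model exposes.

```ruby
# Added example (not spree_auth_devise's code): unsafe mass assignment of a
# submitted hash beside an allowlisted update. The User class, attribute names
# and TAMPERED_PARAMS are this example's own and are constructed.

class User
  ATTRIBUTES = %i[email first_name last_name roles].freeze
  attr_accessor(*ATTRIBUTES)

  # Fields a user may change about their own profile. Roles are deliberately absent.
  PROFILE_FIELDS = %i[email first_name last_name].freeze

  def initialize(email:, roles: [:customer])
    @email = email
    @roles = roles
  end

  # Unsafe: every submitted key that matches an attribute becomes a setter
  # call, so a client that adds a "roles" field to the form data grants
  # itself whatever roles it asks for.
  def update_unsafe(params)
    params.each { |k, v| public_send("#{k}=", v) if ATTRIBUTES.include?(k.to_sym) }
    self
  end

  # Hardened: only allowlisted fields are copied. The rejected keys are
  # returned rather than silently dropped so the caller can log the attempt.
  def update_permitted(params)
    permitted, rejected = params.partition { |k, _| PROFILE_FIELDS.include?(k.to_sym) }
    permitted.each { |k, v| public_send("#{k}=", v) }
    rejected.map { |k, _| k.to_s }
  end
end

# Constructed request body, as a self-service profile form would post it,
# with an extra "roles" field smuggled in by the client.
TAMPERED_PARAMS = {
  'first_name' => 'Mallory',
  'email'      => 'mallory@example.com',
  'roles'      => [:customer, :admin]
}.freeze

# Roles the account ends up with after the unsafe update.
def demo_unsafe
  User.new(email: 'mallory@example.com').update_unsafe(TAMPERED_PARAMS).roles
end

# Roles, updated name and rejected keys after the allowlisted update.
def demo_permitted
  user = User.new(email: 'mallory@example.com')
  rejected = user.update_permitted(TAMPERED_PARAMS)
  [user.roles, user.first_name, rejected]
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe:    roles = #{demo_unsafe.inspect}"
  roles, name, rejected = demo_permitted
  puts "permitted: roles = #{roles.inspect}, name = #{name}, rejected = #{rejected.inspect}"
end
```

In a Rails application the same allowlist is expressed with strong parameters, for example params.require(:user).permit(:email, :first_name, :last_name), with any role change handled by a separate, admin-only code path rather than by the self-service update.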