Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Spree信任管理漏洞
Vulnerability Description
Spree(又名Spree Commerce)是美国Spree Commerce公司的一套基于Ruby on Rails的开源电子商务解决方案。 Spree 0.2.0版本中的会话cookie储存实现中存在漏洞,该漏洞源于使用了一个硬编码的config.action_controller_session哈希值(也称密钥)。远程攻击者利用该漏洞更易于借助在config/environment.rb文件中的包含此值的应用程序绕过密码保护机制。
CVSS Information
N/A
Vulnerability Type
N/A