Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation (JSON) without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving (1) admin/products.json, (2) admin/users.json, or (3) admin/overview/get_report_data, related to a "JSON hijacking" issue.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Spree Commerce信息泄露漏洞
Vulnerability Description
Spree(又名Spree Commerce)是美国Spree Commerce公司的一套基于Ruby on Rails的开源电子商务解决方案。 Spree 0.11.2之前的0.11.x版本以及0.30.0之前的0.30.x版本交换了使用不带验证请求机制的avaScript Object Notation(JSON)的数据。远程攻击者可以借助和(1)admin/products.json,(2)admin/users.json,或者(3)admin/overview/get_report_data有关的
CVSS Information
N/A
Vulnerability Type
N/A