Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated Spree Commerce users can view completed guest orders by Order ID
Vulnerability Description
Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2, unauthenticated users can view completed guest orders by Order ID. This issue may lead to disclosure of PII of guest users (including names, addresses and phone numbers). This issue has been patched in versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2.
CVSS Information
N/A
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Spree 安全漏洞
Vulnerability Description
Spree是个人开发者的一款采用Ruby on Rails开发的开源商城。 Spree 5.0.8之前版本、5.1.10之前版本、5.2.7之前版本和5.3.2之前版本存在安全漏洞,该漏洞源于未经验证的用户可以查看已完成的访客订单,可能导致访客用户的个人信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A