Sha256: 4883f6763e59f2e1c2239e47dcb43f8d935331e4cd3675e5090f62cab2bfdb51

Contents?: true

Size: 606 Bytes

Versions: 6

Compression:

Stored size: 606 Bytes

Contents

---
gem: spree
cve: 2013-1656
osvdb: 91216
url: https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
title: |
  Spree promotion_actions_controller.rb promotion_action Parameter Arbitrary
  Ruby Object Instantiation Command Execution
date: 2013-02-21
description: |
  Spree contains a flaw that is triggered when handling input passed via the
  'promotion_action' parameter to promotion_actions_controller.rb. This may
  allow a remote authenticated attacker to instantiate arbitrary Ruby objects
  and potentially execute arbitrary commands.
cvss_v2: 4.3
patched_versions:
  - ">= 2.0.0"

Version data entries

6 entries across 6 versions & 2 rubygems

Version                Path
bundler-audit-0.7.0.1  data/ruby-advisory-db/gems/spree/OSVDB-91216.yml
bundler-budit-0.6.2    data/ruby-advisory-db/gems/spree/OSVDB-91216.yml
bundler-budit-0.6.1    data/ruby-advisory-db/gems/spree/OSVDB-91216.yml
bundler-audit-0.6.1    data/ruby-advisory-db/gems/spree/OSVDB-91216.yml
bundler-audit-0.6.0    data/ruby-advisory-db/gems/spree/OSVDB-91216.yml
bundler-audit-0.5.0    data/ruby-advisory-db/gems/spree/OSVDB-91216.yml