Sha256: 69ce18835dc7313a1d73f44dc6477a6fb93fb89264d2d6a931b91dcdeee08ec0

Contents?: true

Size: 487 Bytes

Versions: 6

Compression:

Stored size: 487 Bytes

Contents

---
gem: spree
osvdb: 125701
url: https://spreecommerce.com/blog/security-updates-2015-7-20
title: |
  Spree RABL templates rendering allows Arbitrary Code Execution and File
  Disclosure
date: 2015-07-20
description: |
  Spree contains a flaw where the rendering of arbitrary RABL templates allows
  for execution arbitrary files on the host system, as well as disclosing the
  existence of files on the system.
patched_versions:
  - ~> 2.2.12
  - ~> 2.3.11
  - ~> 2.4.8
  - ">= 3.0.2"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/spree/OSVDB-125701.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/spree/OSVDB-125701.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/spree/OSVDB-125701.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/spree/OSVDB-125701.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/spree/OSVDB-125701.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/spree/OSVDB-125701.yml