Sha256: f5cb3b62a5b0b998acf53572d3e3c08b14d8cce79bb93ab419ec79f80dfc5d84

Size: 677 Bytes

Versions: 6

Stored size: 677 Bytes

Contents

---
gem: spree_auth_devise
cve: 2013-2506
osvdb: 90865
url: https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
title: |
  Spree app/models/spree/user.rb Mass Role Assignment Remote Privilege
  Escalation
date: 2013-02-21
description: |
  Spree contains a flaw that leads to unauthorized privileges being gained. The
  issue is triggered as certain input related to mass role assignment in
  app/models/spree/user.rb is not properly verified before being used to update
  a user. This may allow a remote attacker to assign arbitrary roles and gain
  elevated administrative privileges.
cvss_v2: 4.0
patched_versions:
  - ~> 1.1.6
  - ~> 1.2.0
  - ">= 1.3.0"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/spree_auth_devise/OSVDB-90865.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/spree_auth_devise/OSVDB-90865.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/spree_auth_devise/OSVDB-90865.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/spree_auth_devise/OSVDB-90865.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/spree_auth_devise/OSVDB-90865.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/spree_auth_devise/OSVDB-90865.yml