PT-2021-24381 · Solidus · Solidus Core+1
Published: 2021-11-18 · Updated: 2021-11-18
CVSS v3.1: 9.3 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
solidus auth devise (affected versions not specified)
solidus core versions prior to 2.11.12
solidus core versions prior to 3.0.3
solidus core versions prior to 3.1.3
Description:
A security issue has been discovered in solidus auth devise. The vulnerability allows for a potential security risk. For extra security, updating solidus core to specific versions is recommended.
Recommendations:
For versions prior to 2.11.12, update to version 2.11.12 or later.
For versions prior to 3.0.3, update to version 3.0.3 or later.
For versions prior to 3.1.3, update to version 3.1.3 or later.
As a temporary workaround, consider applying the monkey patch provided for users who don't update solidus auth devise. Look at the workarounds described in the security advisory for solidus auth devise.
Fix
CSRF
Related Identifiers
Affected Products
Solidus Auth Devise
Solidus Core