Search criteria
12 vulnerabilities found for solidus by nebulab
FKIE_CVE-2022-31000
Vulnerability from fkie_nvd - Published: 2022-06-01 18:15 - Updated: 2024-11-21 07:03
Severity ?
2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the execution happens on a store administrator's computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/solidusio/solidus/commit/de796a2e0be7f154cae48b46e267501559d9716c | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/solidusio/solidus/security/advisories/GHSA-8639-qx56-r428 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/solidusio/solidus/commit/de796a2e0be7f154cae48b46e267501559d9716c | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/solidusio/solidus/security/advisories/GHSA-8639-qx56-r428 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A5D9F81-FC48-4924-9C43-2D769567A39C",
"versionEndExcluding": "2.11.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B58D450A-ADBF-4E0F-9C11-B11752ADE39E",
"versionEndExcluding": "3.0.5",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09243C20-0699-4273-A7B9-C2DE53E062E8",
"versionEndExcluding": "3.1.6",
"versionStartIncluding": "3.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order\u0027s adjustments if they hold its number, and the execution happens on a store administrator\u0027s computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch."
},
{
"lang": "es",
"value": "solidus_backend es la interfaz de administraci\u00f3n del framework de comercio electr\u00f3nico Solidus. Las versiones anteriores a 3.1.6, 3.0.6 y 2.11.16, contienen una vulnerabilidad de tipo cross-site request forgery (CSRF). La vulnerabilidad permite a atacantes cambiar el estado de los ajustes de un pedido si presentan su n\u00famero, y la ejecuci\u00f3n ocurre en el ordenador de un administrador de la tienda. Los usuarios deben actualizar a solidus_backend versiones 3.1.6, 3.0.6 o 2.11.16 para recibir el parche"
}
],
"id": "CVE-2022-31000",
"lastModified": "2024-11-21T07:03:41.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-01T18:15:07.873",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/solidusio/solidus/commit/de796a2e0be7f154cae48b46e267501559d9716c"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-8639-qx56-r428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/solidusio/solidus/commit/de796a2e0be7f154cae48b46e267501559d9716c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-8639-qx56-r428"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-43846
Vulnerability from fkie_nvd - Published: 2021-12-20 22:15 - Updated: 2024-11-21 06:29
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user's cart without their knowledge. Versions 3.1.5, 3.0.5, and 2.11.14 contain a patch for this issue. The patch adds CSRF token verification to the "Add to cart" action. Adding forgery protection to a form that missed it can have some side effects. Other CSRF protection strategies as well as a workaround involving modifcation to config/application.rb` are available. More details on these mitigations are available in the GitHub Security Advisory.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/solidusio/solidus/commit/4d17cacf066d9492fc04eb3a0b16084b47376d81 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/solidusio/solidus/commit/a1b9bf7f24f9b8684fc4d943eacb02b1926c77c6 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/solidusio/solidus/security/advisories/GHSA-h3fg-h5v3-vf8m | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/solidusio/solidus/commit/4d17cacf066d9492fc04eb3a0b16084b47376d81 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/solidusio/solidus/commit/a1b9bf7f24f9b8684fc4d943eacb02b1926c77c6 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/solidusio/solidus/security/advisories/GHSA-h3fg-h5v3-vf8m | Exploit, Mitigation, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBFCB5C4-83E5-4AD7-8C52-92B863DD15B6",
"versionEndExcluding": "2.11.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B58D450A-ADBF-4E0F-9C11-B11752ADE39E",
"versionEndExcluding": "3.0.5",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7D9C43-3C12-4B42-8DB2-FF18AD5BEF0E",
"versionEndExcluding": "3.1.5",
"versionStartIncluding": "3.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user\u0027s cart without their knowledge. Versions 3.1.5, 3.0.5, and 2.11.14 contain a patch for this issue. The patch adds CSRF token verification to the \"Add to cart\" action. Adding forgery protection to a form that missed it can have some side effects. Other CSRF protection strategies as well as a workaround involving modifcation to config/application.rb` are available. More details on these mitigations are available in the GitHub Security Advisory."
},
{
"lang": "es",
"value": "\"solidus_frontend\" es el carrito y el escaparate del proyecto de comercio electr\u00f3nico Solidus. Las versiones de \"solidus_frontend\" anteriores a 3.1.5, 3.0.5 y 2.11.14, contienen una vulnerabilidad de tipo cross-site request forgery (CSRF) que permite a un sitio malicioso a\u00f1adir un art\u00edculo al carrito del usuario sin su conocimiento. Las versiones 3.1.5, 3.0.5 y 2.11.14 contienen un parche para este problema. El parche a\u00f1ade la verificaci\u00f3n del token CSRF a la acci\u00f3n \"Add to cart\". A\u00f1adir protecci\u00f3n contra falsificaciones a un formulario que no la ten\u00eda puede tener algunos efectos secundarios. Est\u00e1n disponibles otras estrategias de protecci\u00f3n contra CSRF, as\u00ed como una soluci\u00f3n que implica la modificaci\u00f3n del archivo config/application.rb. M\u00e1s detalles sobre estas mitigaciones est\u00e1n disponibles en el aviso de seguridad de GitHub"
}
],
"id": "CVE-2021-43846",
"lastModified": "2024-11-21T06:29:55.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-20T22:15:07.947",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/solidusio/solidus/commit/4d17cacf066d9492fc04eb3a0b16084b47376d81"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/solidusio/solidus/commit/a1b9bf7f24f9b8684fc4d943eacb02b1926c77c6"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-h3fg-h5v3-vf8m"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/solidusio/solidus/commit/4d17cacf066d9492fc04eb3a0b16084b47376d81"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/solidusio/solidus/commit/a1b9bf7f24f9b8684fc4d943eacb02b1926c77c6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-h3fg-h5v3-vf8m"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-43805
Vulnerability from fkie_nvd - Published: 2021-12-07 18:15 - Updated: 2024-11-21 06:29
Severity ?
Summary
Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9 | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9 | Exploit, Mitigation, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F9CA3-5DF3-4DF8-844C-B4C4E261D09A",
"versionEndExcluding": "2.11.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC7D340-52C4-4FB7-810F-4B87ED7A470D",
"versionEndExcluding": "3.0.4",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E708A7C2-F76F-45D7-91F5-A6F480295521",
"versionEndExcluding": "3.1.4",
"versionStartIncluding": "3.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order\u0027s email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity."
},
{
"lang": "es",
"value": "Solidus es una plataforma de comercio electr\u00f3nico gratuita y de c\u00f3digo abierto construida sobre Rails. Las versiones de Solidus anteriores a la 3.1.4, 3.0.4 y 2.11.13 tienen una vulnerabilidad de denegaci\u00f3n de servicio que podr\u00eda ser explotada durante un pedido de invitados. La expresi\u00f3n regular usada para comprender el correo electr\u00f3nico de un pedido de invitado estaba sujeta a un retroceso exponencial a trav\u00e9s de un fragmento como `a.a.` Las versiones 3.1.4, 3.0.4 y 2.11.13 han sido parcheadas para usar una expresi\u00f3n regular diferente. Los mantenedores han a\u00f1adido una comprobaci\u00f3n de las direcciones de correo electr\u00f3nico que ya no son v\u00e1lidas que imprimir\u00e1 informaci\u00f3n sobre los pedidos afectados que se presentan. Si una actualizaci\u00f3n inmediata no es una opci\u00f3n, se presenta una soluci\u00f3n disponible. Es posible editar el archivo \"config/application.rb\" manualmente (con el c\u00f3digo proporcionado por los mantenedores en el aviso de seguridad de GitHub) para comprobar la validez del correo electr\u00f3nico"
}
],
"id": "CVE-2021-43805",
"lastModified": "2024-11-21T06:29:49.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2021-12-07T18:15:07.407",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-15109
Vulnerability from fkie_nvd - Published: 2020-08-04 23:15 - Updated: 2024-11-21 05:04
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zone are impacted. This problem comes from how checkout permitted attributes are structured. We have a single list of attributes that are permitted across the whole checkout, no matter the step that is being submitted. See the linked reference for more information. As a workaround, if it is not possible to upgrade to a supported patched version, please use this gist in the references section.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://gist.github.com/kennyadsl/4618cd9797984cb64f7700a81bda889d | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/solidusio/solidus/security/advisories/GHSA-3mvg-rrrw-m7ph | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/kennyadsl/4618cd9797984cb64f7700a81bda889d | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/solidusio/solidus/security/advisories/GHSA-3mvg-rrrw-m7ph | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE5C6C1-50C2-4D8A-A1A1-1679BF2BD616",
"versionEndExcluding": "2.8.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83119E07-1C20-4CD2-8561-2B6AF76A460C",
"versionEndExcluding": "2.9.6",
"versionStartIncluding": "2.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57EEBC07-382C-4A07-965F-CD2FB7110CC9",
"versionEndExcluding": "2.10.2",
"versionStartIncluding": "2.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zone are impacted. This problem comes from how checkout permitted attributes are structured. We have a single list of attributes that are permitted across the whole checkout, no matter the step that is being submitted. See the linked reference for more information. As a workaround, if it is not possible to upgrade to a supported patched version, please use this gist in the references section."
},
{
"lang": "es",
"value": "En solidus versiones anteriores a 2.8.6, 2.9.6 y 2.10.2, se presenta la posibilidad de cambiar la direcci\u00f3n del pedido sin activar comprobaciones de direcci\u00f3n. Esta vulnerabilidad permite a un cliente malicioso crear datos de petici\u00f3n con par\u00e1metros que permitan cambiar la direcci\u00f3n del pedido actual sin cambiar los costos de env\u00edo asociados con el nuevo env\u00edo. Todas las tiendas con al menos dos zonas de env\u00edo y diferentes costos de env\u00edo por zona est\u00e1n afectadas. Este problema proviene de c\u00f3mo se estructuran los atributos permitidos de pago. Tenemos una lista \u00fanica de atributos que est\u00e1n permitidos en todo el proceso de pago, sin importar el paso que esta siendo enviado. Consulte la referencia vinculada para m\u00e1s informaci\u00f3n. Como una soluci\u00f3n alternativa, si no es posible actualizar a una versi\u00f3n parcheada compatible, use esta esencia en la secci\u00f3n de referencias"
}
],
"id": "CVE-2020-15109",
"lastModified": "2024-11-21T05:04:49.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-04T23:15:10.347",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gist.github.com/kennyadsl/4618cd9797984cb64f7700a81bda889d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-3mvg-rrrw-m7ph"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gist.github.com/kennyadsl/4618cd9797984cb64f7700a81bda889d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-3mvg-rrrw-m7ph"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-31000 (GCVE-0-2022-31000)
Vulnerability from cvelistv5 – Published: 2022-06-01 17:25 – Updated: 2025-04-22 17:55
VLAI?
Title
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
Summary
solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the execution happens on a store administrator's computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch.
Severity ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-8639-qx56-r428"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/solidusio/solidus/commit/de796a2e0be7f154cae48b46e267501559d9716c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31000",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:46:02.644442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T17:55:17.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "solidus",
"vendor": "solidusio",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.16"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.6"
},
{
"status": "affected",
"version": "\u003e= 3.1.0, \u003c 3.1.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order\u0027s adjustments if they hold its number, and the execution happens on a store administrator\u0027s computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T17:25:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-8639-qx56-r428"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/solidusio/solidus/commit/de796a2e0be7f154cae48b46e267501559d9716c"
}
],
"source": {
"advisory": "GHSA-8639-qx56-r428",
"discovery": "UNKNOWN"
},
"title": "CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31000",
"STATE": "PUBLIC",
"TITLE": "CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "solidus",
"version": {
"version_data": [
{
"version_value": "\u003c 2.11.16"
},
{
"version_value": "\u003e= 3.0.0, \u003c 3.0.6"
},
{
"version_value": "\u003e= 3.1.0, \u003c 3.1.6"
}
]
}
}
]
},
"vendor_name": "solidusio"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order\u0027s adjustments if they hold its number, and the execution happens on a store administrator\u0027s computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/solidusio/solidus/security/advisories/GHSA-8639-qx56-r428",
"refsource": "CONFIRM",
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-8639-qx56-r428"
},
{
"name": "https://github.com/solidusio/solidus/commit/de796a2e0be7f154cae48b46e267501559d9716c",
"refsource": "MISC",
"url": "https://github.com/solidusio/solidus/commit/de796a2e0be7f154cae48b46e267501559d9716c"
}
]
},
"source": {
"advisory": "GHSA-8639-qx56-r428",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31000",
"datePublished": "2022-06-01T17:25:11.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-22T17:55:17.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43846 (GCVE-0-2021-43846)
Vulnerability from cvelistv5 – Published: 2021-12-20 21:30 – Updated: 2024-08-04 04:10
VLAI?
Title
CSRF forgery protection bypass for Spree::OrdersController#populate
Summary
`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user's cart without their knowledge. Versions 3.1.5, 3.0.5, and 2.11.14 contain a patch for this issue. The patch adds CSRF token verification to the "Add to cart" action. Adding forgery protection to a form that missed it can have some side effects. Other CSRF protection strategies as well as a workaround involving modifcation to config/application.rb` are available. More details on these mitigations are available in the GitHub Security Advisory.
Severity ?
5.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:16.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-h3fg-h5v3-vf8m"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/solidusio/solidus/commit/4d17cacf066d9492fc04eb3a0b16084b47376d81"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/solidusio/solidus/commit/a1b9bf7f24f9b8684fc4d943eacb02b1926c77c6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "solidus",
"vendor": "solidusio",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.1.0, \u003c 3.1.5"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.5"
},
{
"status": "affected",
"version": "\u003c 2.11.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user\u0027s cart without their knowledge. Versions 3.1.5, 3.0.5, and 2.11.14 contain a patch for this issue. The patch adds CSRF token verification to the \"Add to cart\" action. Adding forgery protection to a form that missed it can have some side effects. Other CSRF protection strategies as well as a workaround involving modifcation to config/application.rb` are available. More details on these mitigations are available in the GitHub Security Advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T21:30:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-h3fg-h5v3-vf8m"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/solidusio/solidus/commit/4d17cacf066d9492fc04eb3a0b16084b47376d81"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/solidusio/solidus/commit/a1b9bf7f24f9b8684fc4d943eacb02b1926c77c6"
}
],
"source": {
"advisory": "GHSA-h3fg-h5v3-vf8m",
"discovery": "UNKNOWN"
},
"title": "CSRF forgery protection bypass for Spree::OrdersController#populate",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43846",
"STATE": "PUBLIC",
"TITLE": "CSRF forgery protection bypass for Spree::OrdersController#populate"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "solidus",
"version": {
"version_data": [
{
"version_value": "\u003e= 3.1.0, \u003c 3.1.5"
},
{
"version_value": "\u003e= 3.0.0, \u003c 3.0.5"
},
{
"version_value": "\u003c 2.11.14"
}
]
}
}
]
},
"vendor_name": "solidusio"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user\u0027s cart without their knowledge. Versions 3.1.5, 3.0.5, and 2.11.14 contain a patch for this issue. The patch adds CSRF token verification to the \"Add to cart\" action. Adding forgery protection to a form that missed it can have some side effects. Other CSRF protection strategies as well as a workaround involving modifcation to config/application.rb` are available. More details on these mitigations are available in the GitHub Security Advisory."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/solidusio/solidus/security/advisories/GHSA-h3fg-h5v3-vf8m",
"refsource": "CONFIRM",
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-h3fg-h5v3-vf8m"
},
{
"name": "https://github.com/solidusio/solidus/commit/4d17cacf066d9492fc04eb3a0b16084b47376d81",
"refsource": "MISC",
"url": "https://github.com/solidusio/solidus/commit/4d17cacf066d9492fc04eb3a0b16084b47376d81"
},
{
"name": "https://github.com/solidusio/solidus/commit/a1b9bf7f24f9b8684fc4d943eacb02b1926c77c6",
"refsource": "MISC",
"url": "https://github.com/solidusio/solidus/commit/a1b9bf7f24f9b8684fc4d943eacb02b1926c77c6"
}
]
},
"source": {
"advisory": "GHSA-h3fg-h5v3-vf8m",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43846",
"datePublished": "2021-12-20T21:30:11",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:10:16.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43805 (GCVE-0-2021-43805)
Vulnerability from cvelistv5 – Published: 2021-12-07 17:25 – Updated: 2024-08-04 04:03
VLAI?
Title
ReDos vulnerability on guest checkout email validation
Summary
Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity.
Severity ?
7.5 (High)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "solidus",
"vendor": "solidusio",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.1.0, \u003c 3.1.4"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.4"
},
{
"status": "affected",
"version": "\u003c 2.11.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order\u0027s email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-07T17:25:09",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401"
}
],
"source": {
"advisory": "GHSA-qxmr-qxh6-2cc9",
"discovery": "UNKNOWN"
},
"title": "ReDos vulnerability on guest checkout email validation",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43805",
"STATE": "PUBLIC",
"TITLE": "ReDos vulnerability on guest checkout email validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "solidus",
"version": {
"version_data": [
{
"version_value": "\u003e= 3.1.0, \u003c 3.1.4"
},
{
"version_value": "\u003e= 3.0.0, \u003c 3.0.4"
},
{
"version_value": "\u003c 2.11.13"
}
]
}
}
]
},
"vendor_name": "solidusio"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order\u0027s email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333: Inefficient Regular Expression Complexity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9",
"refsource": "CONFIRM",
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9"
},
{
"name": "https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401",
"refsource": "MISC",
"url": "https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401"
}
]
},
"source": {
"advisory": "GHSA-qxmr-qxh6-2cc9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43805",
"datePublished": "2021-12-07T17:25:09",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:03:08.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15109 (GCVE-0-2020-15109)
Vulnerability from cvelistv5 – Published: 2020-08-04 23:00 – Updated: 2024-08-04 13:08
VLAI?
Title
Ability to change order address without triggering address validations in solidus
Summary
In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zone are impacted. This problem comes from how checkout permitted attributes are structured. We have a single list of attributes that are permitted across the whole checkout, no matter the step that is being submitted. See the linked reference for more information. As a workaround, if it is not possible to upgrade to a supported patched version, please use this gist in the references section.
Severity ?
5.3 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:21.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-3mvg-rrrw-m7ph"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/kennyadsl/4618cd9797984cb64f7700a81bda889d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "solidus",
"vendor": "solidusio",
"versions": [
{
"status": "affected",
"version": "\u003c 2.8.6"
},
{
"status": "affected",
"version": "\u003e= 2.9.0, \u003c 2.9.6"
},
{
"status": "affected",
"version": "\u003e= 2.10.0, \u003c 2.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zone are impacted. This problem comes from how checkout permitted attributes are structured. We have a single list of attributes that are permitted across the whole checkout, no matter the step that is being submitted. See the linked reference for more information. As a workaround, if it is not possible to upgrade to a supported patched version, please use this gist in the references section."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-04T23:00:16",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-3mvg-rrrw-m7ph"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/kennyadsl/4618cd9797984cb64f7700a81bda889d"
}
],
"source": {
"advisory": "GHSA-3mvg-rrrw-m7ph",
"discovery": "UNKNOWN"
},
"title": "Ability to change order address without triggering address validations in solidus",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15109",
"STATE": "PUBLIC",
"TITLE": "Ability to change order address without triggering address validations in solidus"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "solidus",
"version": {
"version_data": [
{
"version_value": "\u003c 2.8.6"
},
{
"version_value": "\u003e= 2.9.0, \u003c 2.9.6"
},
{
"version_value": "\u003e= 2.10.0, \u003c 2.10.2"
}
]
}
}
]
},
"vendor_name": "solidusio"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zone are impacted. This problem comes from how checkout permitted attributes are structured. We have a single list of attributes that are permitted across the whole checkout, no matter the step that is being submitted. See the linked reference for more information. As a workaround, if it is not possible to upgrade to a supported patched version, please use this gist in the references section."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/solidusio/solidus/security/advisories/GHSA-3mvg-rrrw-m7ph",
"refsource": "CONFIRM",
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-3mvg-rrrw-m7ph"
},
{
"name": "https://gist.github.com/kennyadsl/4618cd9797984cb64f7700a81bda889d",
"refsource": "MISC",
"url": "https://gist.github.com/kennyadsl/4618cd9797984cb64f7700a81bda889d"
}
]
},
"source": {
"advisory": "GHSA-3mvg-rrrw-m7ph",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15109",
"datePublished": "2020-08-04T23:00:16",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:21.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31000 (GCVE-0-2022-31000)
Vulnerability from nvd – Published: 2022-06-01 17:25 – Updated: 2025-04-22 17:55
VLAI?
Title
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
Summary
solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the execution happens on a store administrator's computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch.
Severity ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-8639-qx56-r428"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/solidusio/solidus/commit/de796a2e0be7f154cae48b46e267501559d9716c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31000",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:46:02.644442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T17:55:17.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "solidus",
"vendor": "solidusio",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.16"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.6"
},
{
"status": "affected",
"version": "\u003e= 3.1.0, \u003c 3.1.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order\u0027s adjustments if they hold its number, and the execution happens on a store administrator\u0027s computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T17:25:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-8639-qx56-r428"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/solidusio/solidus/commit/de796a2e0be7f154cae48b46e267501559d9716c"
}
],
"source": {
"advisory": "GHSA-8639-qx56-r428",
"discovery": "UNKNOWN"
},
"title": "CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31000",
"STATE": "PUBLIC",
"TITLE": "CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "solidus",
"version": {
"version_data": [
{
"version_value": "\u003c 2.11.16"
},
{
"version_value": "\u003e= 3.0.0, \u003c 3.0.6"
},
{
"version_value": "\u003e= 3.1.0, \u003c 3.1.6"
}
]
}
}
]
},
"vendor_name": "solidusio"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order\u0027s adjustments if they hold its number, and the execution happens on a store administrator\u0027s computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/solidusio/solidus/security/advisories/GHSA-8639-qx56-r428",
"refsource": "CONFIRM",
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-8639-qx56-r428"
},
{
"name": "https://github.com/solidusio/solidus/commit/de796a2e0be7f154cae48b46e267501559d9716c",
"refsource": "MISC",
"url": "https://github.com/solidusio/solidus/commit/de796a2e0be7f154cae48b46e267501559d9716c"
}
]
},
"source": {
"advisory": "GHSA-8639-qx56-r428",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31000",
"datePublished": "2022-06-01T17:25:11.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-22T17:55:17.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43846 (GCVE-0-2021-43846)
Vulnerability from nvd – Published: 2021-12-20 21:30 – Updated: 2024-08-04 04:10
VLAI?
Title
CSRF forgery protection bypass for Spree::OrdersController#populate
Summary
`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user's cart without their knowledge. Versions 3.1.5, 3.0.5, and 2.11.14 contain a patch for this issue. The patch adds CSRF token verification to the "Add to cart" action. Adding forgery protection to a form that missed it can have some side effects. Other CSRF protection strategies as well as a workaround involving modifcation to config/application.rb` are available. More details on these mitigations are available in the GitHub Security Advisory.
Severity ?
5.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:16.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-h3fg-h5v3-vf8m"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/solidusio/solidus/commit/4d17cacf066d9492fc04eb3a0b16084b47376d81"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/solidusio/solidus/commit/a1b9bf7f24f9b8684fc4d943eacb02b1926c77c6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "solidus",
"vendor": "solidusio",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.1.0, \u003c 3.1.5"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.5"
},
{
"status": "affected",
"version": "\u003c 2.11.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user\u0027s cart without their knowledge. Versions 3.1.5, 3.0.5, and 2.11.14 contain a patch for this issue. The patch adds CSRF token verification to the \"Add to cart\" action. Adding forgery protection to a form that missed it can have some side effects. Other CSRF protection strategies as well as a workaround involving modifcation to config/application.rb` are available. More details on these mitigations are available in the GitHub Security Advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T21:30:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-h3fg-h5v3-vf8m"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/solidusio/solidus/commit/4d17cacf066d9492fc04eb3a0b16084b47376d81"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/solidusio/solidus/commit/a1b9bf7f24f9b8684fc4d943eacb02b1926c77c6"
}
],
"source": {
"advisory": "GHSA-h3fg-h5v3-vf8m",
"discovery": "UNKNOWN"
},
"title": "CSRF forgery protection bypass for Spree::OrdersController#populate",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43846",
"STATE": "PUBLIC",
"TITLE": "CSRF forgery protection bypass for Spree::OrdersController#populate"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "solidus",
"version": {
"version_data": [
{
"version_value": "\u003e= 3.1.0, \u003c 3.1.5"
},
{
"version_value": "\u003e= 3.0.0, \u003c 3.0.5"
},
{
"version_value": "\u003c 2.11.14"
}
]
}
}
]
},
"vendor_name": "solidusio"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user\u0027s cart without their knowledge. Versions 3.1.5, 3.0.5, and 2.11.14 contain a patch for this issue. The patch adds CSRF token verification to the \"Add to cart\" action. Adding forgery protection to a form that missed it can have some side effects. Other CSRF protection strategies as well as a workaround involving modifcation to config/application.rb` are available. More details on these mitigations are available in the GitHub Security Advisory."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/solidusio/solidus/security/advisories/GHSA-h3fg-h5v3-vf8m",
"refsource": "CONFIRM",
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-h3fg-h5v3-vf8m"
},
{
"name": "https://github.com/solidusio/solidus/commit/4d17cacf066d9492fc04eb3a0b16084b47376d81",
"refsource": "MISC",
"url": "https://github.com/solidusio/solidus/commit/4d17cacf066d9492fc04eb3a0b16084b47376d81"
},
{
"name": "https://github.com/solidusio/solidus/commit/a1b9bf7f24f9b8684fc4d943eacb02b1926c77c6",
"refsource": "MISC",
"url": "https://github.com/solidusio/solidus/commit/a1b9bf7f24f9b8684fc4d943eacb02b1926c77c6"
}
]
},
"source": {
"advisory": "GHSA-h3fg-h5v3-vf8m",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43846",
"datePublished": "2021-12-20T21:30:11",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:10:16.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43805 (GCVE-0-2021-43805)
Vulnerability from nvd – Published: 2021-12-07 17:25 – Updated: 2024-08-04 04:03
VLAI?
Title
ReDos vulnerability on guest checkout email validation
Summary
Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity.
Severity ?
7.5 (High)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "solidus",
"vendor": "solidusio",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.1.0, \u003c 3.1.4"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.4"
},
{
"status": "affected",
"version": "\u003c 2.11.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order\u0027s email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-07T17:25:09",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401"
}
],
"source": {
"advisory": "GHSA-qxmr-qxh6-2cc9",
"discovery": "UNKNOWN"
},
"title": "ReDos vulnerability on guest checkout email validation",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43805",
"STATE": "PUBLIC",
"TITLE": "ReDos vulnerability on guest checkout email validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "solidus",
"version": {
"version_data": [
{
"version_value": "\u003e= 3.1.0, \u003c 3.1.4"
},
{
"version_value": "\u003e= 3.0.0, \u003c 3.0.4"
},
{
"version_value": "\u003c 2.11.13"
}
]
}
}
]
},
"vendor_name": "solidusio"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order\u0027s email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1333: Inefficient Regular Expression Complexity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9",
"refsource": "CONFIRM",
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-qxmr-qxh6-2cc9"
},
{
"name": "https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401",
"refsource": "MISC",
"url": "https://github.com/solidusio/solidus/commit/9867153e01e3c3b898cdbcedd7b43375ea922401"
}
]
},
"source": {
"advisory": "GHSA-qxmr-qxh6-2cc9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43805",
"datePublished": "2021-12-07T17:25:09",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:03:08.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15109 (GCVE-0-2020-15109)
Vulnerability from nvd – Published: 2020-08-04 23:00 – Updated: 2024-08-04 13:08
VLAI?
Title
Ability to change order address without triggering address validations in solidus
Summary
In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zone are impacted. This problem comes from how checkout permitted attributes are structured. We have a single list of attributes that are permitted across the whole checkout, no matter the step that is being submitted. See the linked reference for more information. As a workaround, if it is not possible to upgrade to a supported patched version, please use this gist in the references section.
Severity ?
5.3 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:21.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-3mvg-rrrw-m7ph"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/kennyadsl/4618cd9797984cb64f7700a81bda889d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "solidus",
"vendor": "solidusio",
"versions": [
{
"status": "affected",
"version": "\u003c 2.8.6"
},
{
"status": "affected",
"version": "\u003e= 2.9.0, \u003c 2.9.6"
},
{
"status": "affected",
"version": "\u003e= 2.10.0, \u003c 2.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zone are impacted. This problem comes from how checkout permitted attributes are structured. We have a single list of attributes that are permitted across the whole checkout, no matter the step that is being submitted. See the linked reference for more information. As a workaround, if it is not possible to upgrade to a supported patched version, please use this gist in the references section."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-04T23:00:16",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-3mvg-rrrw-m7ph"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/kennyadsl/4618cd9797984cb64f7700a81bda889d"
}
],
"source": {
"advisory": "GHSA-3mvg-rrrw-m7ph",
"discovery": "UNKNOWN"
},
"title": "Ability to change order address without triggering address validations in solidus",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15109",
"STATE": "PUBLIC",
"TITLE": "Ability to change order address without triggering address validations in solidus"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "solidus",
"version": {
"version_data": [
{
"version_value": "\u003c 2.8.6"
},
{
"version_value": "\u003e= 2.9.0, \u003c 2.9.6"
},
{
"version_value": "\u003e= 2.10.0, \u003c 2.10.2"
}
]
}
}
]
},
"vendor_name": "solidusio"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zone are impacted. This problem comes from how checkout permitted attributes are structured. We have a single list of attributes that are permitted across the whole checkout, no matter the step that is being submitted. See the linked reference for more information. As a workaround, if it is not possible to upgrade to a supported patched version, please use this gist in the references section."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/solidusio/solidus/security/advisories/GHSA-3mvg-rrrw-m7ph",
"refsource": "CONFIRM",
"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-3mvg-rrrw-m7ph"
},
{
"name": "https://gist.github.com/kennyadsl/4618cd9797984cb64f7700a81bda889d",
"refsource": "MISC",
"url": "https://gist.github.com/kennyadsl/4618cd9797984cb64f7700a81bda889d"
}
]
},
"source": {
"advisory": "GHSA-3mvg-rrrw-m7ph",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15109",
"datePublished": "2020-08-04T23:00:16",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:21.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}