solidus_api

RubyGems1 known CVE affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting solidus_apipage 1 of 1

CVE-2020-15109MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2.10.2
2020-08-04
vulnerable: 2.10.0, 2.10.1
In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changin…

Check whether solidus_api is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for solidus_api CVEs against the assets you own.

Start Free Scan →