solidus_frontend
RubyGems
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting solidus_frontend (page 1 of 1)
- CVE-2020-15109 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 2.10.2 | 2020-08-04
vulnerable: 2.10.0, 2.10.1
In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an ability to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changin…
- CVE-2021-43846 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 3.1.5 | 2021-12-20
vulnerable: 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4
`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to a…