Max CVSS | 6.4 | Min CVSS | 6.4 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2020-15269 | 6.4 |
In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory.
|
18-11-2021 - 16:21 | 20-10-2020 - 21:15 |