Spree Hash Restriction Weakness URL Parsing Order State Value Manipulation
Published: September 22, 2008
SECURITY IDENTIFIERS
- CVE: CVE-2008-7310 (NVD)
- GHSA: GHSA-7h48-m3rw-vr27
- OSVDB: OSVDB-81505
- Vendor Advisory: https://spreecommerce.com/blog/security-vulnerability-mass-assignment
GEM
SEVERITY
CVSS v2.0: 5.0 (Medium)
PATCHED VERSIONS
>= 0.3.0
DESCRIPTION
Spree contains a hash restriction weakness that is exposed when the application parses a modified URL. This may allow an attacker to manipulate order state values.
