ADVISORIES
- CVE-2008-7311 (NVD)
- GHSA-g466-57gh-cqfw
- OSVDB-81506
- Vendor Advisory
GEM
SEVERITY
CVSS v2.0: 5.0 (Medium)
PATCHED VERSIONS
- >= 0.3.0
DESCRIPTION
Spree contains a hardcoded flaw related to the config.action_controller_session hash value. This may allow an attacker to more easily bypass cryptographic protection.