RubySec

Providing security resources for the Ruby community

CVE-2008-7311 (spree): Spree Hardcoded config.action_controller_session Hash Value Cryptographic Protection Weakness

ADVISORIES

GEM

spree

SEVERITY

CVSS v2: 5.0

PATCHED VERSIONS

  • >= 0.3.0

DESCRIPTION

Spree contains a hardcoded flaw related to the config.action_controller_session hash value. This may allow an attacker to more easily bypass cryptographic protection.