ADVISORIES
- CVE-2013-1656 (NVD)
- OSVDB-91219
- Vendor Advisory
GEM
SEVERITY
CVSS v2.0: 4.3 (Medium)
PATCHED VERSIONS
- >= 2.0.0
DESCRIPTION
Spree contains a flaw that is triggered when handling input passed via the ‘promotion_rule’ parameter to promotion_rules_controller.rb. This may allow a remote authenticated attacker to instantiate arbitrary Ruby objects and potentially execute arbitrary commands.
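The flaw described above, as an added example that is not Spree's own code: a class name taken straight from a request parameter and instantiated, beside an allowlist-based builder that maps only known keys to classes. The rule classes, `UnrelatedService`, and the parameter layout are assumptions made for the example.

```ruby
# Added example, not Spree's code: arbitrary object instantiation from a
# request parameter, next to an allowlist-based replacement.

# Hypothetical promotion rule classes, standing in for the real ones.
module PromotionRules
  class ItemTotal
    attr_reader :name
    def initialize; @name = "item_total"; end
  end

  class FirstOrder
    attr_reader :name
    def initialize; @name = "first_order"; end
  end
end

# Any other class loaded in the process, to show what an unrestricted lookup reaches.
class UnrelatedService
  def initialize; @touched = true; end
end

# Vulnerable pattern: whatever string arrives in params["promotion_rule"]["type"]
# is resolved to a constant and instantiated. Any class loaded in the process,
# not just promotion rules, can be created this way.
def build_rule_unsafe(params)
  Object.const_get(params["promotion_rule"]["type"]).new
end

# Allowlist of rule types the application actually offers: keys are the only
# strings a request may use, values are the classes they map to.
ALLOWED_RULES = {
  "item_total"  => PromotionRules::ItemTotal,
  "first_order" => PromotionRules::FirstOrder
}.freeze

# Hardened pattern: the request chooses among known keys; the class is never
# derived from the raw string. Unknown or missing keys are rejected, not resolved.
def build_rule_safe(params)
  type = params.fetch("promotion_rule", {})["type"].to_s
  klass = ALLOWED_RULES[type]
  raise ArgumentError, "unknown promotion rule type: #{type.inspect}" unless klass
  klass.new
end
```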