CVSS v3.x: 9.3 (Critical)
- >= 3.1.3
- ~> 3.0.3
- ~> 2.11.12
The actual vulnerability has been discovered on
The security advisory here exists to provide an extra layer of security in the
form of a monkey patch for users who don’t update
this reason, it has been marked as low impact on this end.
For extra security, update
solidus_core to versions
Look at the workarounds described at GHSA-xm34-v85h-9pg2.