Vulnerabilities (CVE)

Filtered by vendor Sparksolutions Subscribe
Filtered by product Spree
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15269 1 Sparksolutions 1 Spree 2024-11-21 6.4 MEDIUM 7.4 HIGH
In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory.