CVE-2020-15269

Published: 2020-10-20T21:15Z

Last Modified: 2024-11-21T05:05Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt