Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown
CVE-2020-15269
Disclosure Date: October 20, 2020 (last updated February 22, 2025)
In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory.
0
