One Article Review

The article:
Source CVE List
Identifier 3835548
Publication date 2021-12-20 22:15:07 (seen: 2021-12-21 00:06:26)
Title CVE-2021-43846
Text `solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user's cart without their knowledge. Versions 3.1.5, 3.0.5, and 2.11.14 contain a patch for this issue. The patch adds CSRF token verification to the "Add to cart" action. Adding forgery protection to a form that missed it can have some side effects. Other CSRF protection strategies as well as a workaround involving modification to `config/application.rb` are available. More details on these mitigations are available in the GitHub Security Advisory.
Sent Yes
Tags Vulnerability


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.