Source |
CVE Liste |
Identifiant |
3835548 |
Date de publication |
2021-12-20 22:15:07 (vue: 2021-12-21 00:06:26) |
Titre |
CVE-2021-43846 |
Texte |
`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user's cart without their knowledge. Versions 3.1.5, 3.0.5, and 2.11.14 contain a patch for this issue. The patch adds CSRF token verification to the "Add to cart" action. Adding forgery protection to a form that missed it can have some side effects. Other CSRF protection strategies as well as a workaround involving modifcation to config/application.rb` are available. More details on these mitigations are available in the GitHub Security Advisory. |
Envoyé |
Oui |
Condensat |
2021 43846 `solidus action add adding adds advisory allows are available can cart commerce config/application contain cross csrf cve details effects forgery form frontend` github have involving issue item knowledge malicious missed mitigations modifcation more other patch prior project protection rb` request security side site solidus some storefront strategies these token user verification versions vulnerability well without workaround |
Tags |
Vulnerability
|
Stories |
|
Notes |
|
Move |
|