Skip to main content

Solidus

4 CVEs product

Monthly

CVE-2022-31000 Ruby MEDIUM POC PATCH This Month

solidus_backend is the admin interface for the Solidus e-commerce framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Solidus
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-43846 Ruby MEDIUM POC PATCH This Month

`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Solidus
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-43805 Ruby HIGH POC PATCH This Week

Solidus is a free, open-source ecommerce platform built on Rails. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Solidus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-15109 Ruby MEDIUM POC PATCH This Month

In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Solidus
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

solidus_backend is the admin interface for the Solidus e-commerce framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Solidus
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Solidus
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Solidus is a free, open-source ecommerce platform built on Rails. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Solidus
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Solidus
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy