Cross-site Request Forgery (CSRF)
Affecting shoppe gem, versions <1.1.1
shoppe is a full Rails engine providing e-commerce functionality for any Rails 4 application.
Affected versions of the package are vulnerable to Cross-site Request Forgery (CSRF). The anti-CSRF protection
protect_from_forgery is off by default in
shoppe to version 1.1.1 or higher.
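As an added example (not part of the advisory and not shoppe's own code), this Ruby script checks a Gemfile.lock for a locked shoppe version below 1.1.1, the affected range stated above. The helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version orders versions correctly (1.1.10 > 1.1.9)

# From the advisory: versions <1.1.1 are affected.
FIXED_IN = Gem::Version.new("1.1.1")

# Returns every shoppe version resolved in the given Gemfile.lock text.
# Resolved specs are indented exactly four spaces ("    name (version)");
# dependency constraints (two or six spaces, e.g. "~> 1.0") are skipped.
def locked_shoppe_versions(lockfile_text)
  lockfile_text.scan(/^ {4}shoppe \(([^)\s]+)\)/)
               .flatten
               .map { |v| Gem::Version.new(v) }
end

# Returns :not_present, :affected or :fixed for the lockfile text.
def shoppe_csrf_status(lockfile_text)
  versions = locked_shoppe_versions(lockfile_text)
  return :not_present if versions.empty?
  versions.any? { |v| v < FIXED_IN } ? :affected : :fixed
end

# Constructed sample lockfile (gem list and versions are illustrative only).
SAMPLE_LOCK = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    rails (4.2.3)
    shoppe (1.0.9)
      rails (>= 4.0.0)

DEPENDENCIES
  shoppe (~> 1.0)
LOCK

if __FILE__ == $PROGRAM_NAME
  # Pass a path to a real Gemfile.lock, or run with no arguments for the sample.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  status = shoppe_csrf_status(text)
  puts "shoppe: #{status} (fixed in #{FIXED_IN})"
  exit(status == :affected ? 1 : 0) if ARGV[0]
end
```

When given a lockfile path the script exits non-zero if an affected version is locked, so it can gate a CI job.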
- Dean Perry
- Snyk ID
- 20 Jul, 2015
- 10 Jan, 2018