You can find the Solidus security policy at https://solidus.io/security.
Security: solidusio/solidus
- CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend (GHSA-8639-qx56-r428), published Jun 1, 2022 by waiting-for-dev. Severity: Low
- CSRF forgery protection bypass for Spree::OrdersController#populate (GHSA-h3fg-h5v3-vf8m), published Dec 20, 2021 by waiting-for-dev. Severity: Low
- ReDos vulnerability on guest checkout email validation (GHSA-qxmr-qxh6-2cc9), published Dec 7, 2021 by waiting-for-dev. Severity: High
- Authentication Bypass by CSRF Weakness (GHSA-5629-8855-gf4g), published Nov 17, 2021 by waiting-for-dev. Severity: Low
- [CVE-2020-15109] Ability to change order address without triggering address validations (GHSA-3mvg-rrrw-m7ph), published Jul 31, 2020 by kennyadsl. Severity: Moderate
Learn more about advisories related to solidusio/solidus in the GitHub Advisory Database