spree 0.11.1 | Vulnerabilities | Sonatype Guide
Published: Oct 11, 2010
Versions: 420
Vulnerabilities: 16
Dependencies: 0
CVE-2011-10019
CVSS Score: 9.8
Severity: Critical
Published: Jan 14, 2026
Status: affected
Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in the search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute arbitrary shell commands on the server without authentication.
CVE-2011-10026
CVSS Score: 9.8
Severity: Critical
Published: Nov 21, 2025
Status: affected
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitization allows attackers to inject arbitrary shell commands via the search[instance_eval] parameter, which is dynamically invoked using Ruby’s send method. This flaw enables unauthenticated attackers to execute commands on the server.
sonatype-2012-0053
CVSS Score: 9.6
Severity: Critical
Published: Feb 14, 2018
Status: affected
Spree - Product Scopes could allow for unauthenticated remote command execution