spree 0.11.1 | Vulnerabilities | Sonatype Guide
Published
Oct 11, 2010
Versions: 420
Vulnerabilities: 16
Dependencies: 0
Severity: Critical (0), High (0), Medium (10), Low (0)
Sort: Published (Newest first)
6.1
CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
affected
Severity
Medium
Published
Jul 29, 2022
6.5
sonatype-2020-0998
spree - Information Disclosure
affected
Severity
Medium
Published
Oct 14, 2020
4.3
sonatype-2019-0802
spree - Information Exposure
affected
Severity
Medium
Published
Apr 16, 2020
5.9
sonatype-2019-0446
Spree - Cross-Site Scripting (XSS) In Admin Product Editor
affected
Severity
Medium
Published
Nov 4, 2019
6.1
sonatype-2016-0585
Spree - Cross-Site Scripting (XSS) across several input fields
affected
Severity
Medium
Published
Dec 6, 2018
6.1
sonatype-2012-0072
spree - Potential Cross Site Scripting (XSS) via Ecommerce Tracking Code
affected
Severity
Medium
Published
Jul 6, 2018
5.0
CVE-2010-3978
Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation (JSON) without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving (1) admin/products.json, (2) admin/users.json, or (3) admin/overview/get_report_data, related to a "JSON hijacking" issue.
affected
Severity
Medium
Published
Mar 7, 2018
6.5
sonatype-2014-0026
jQuery - Cross-Site Scripting (XSS)
affected
Severity
Medium
Published
Mar 28, 2017
6.1
sonatype-2016-0107
jQuery - Cross-Site Scripting (XSS) [CVE-2015-9251]
affected
Severity
Medium
Published
Mar 28, 2017
6.1
sonatype-2012-0009
JQuery - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
affected
Severity
Medium
Published
Mar 28, 2017