05 Feb '13, 12am

Important security update which affects all Spree versions 1.0.x or greater.

Exploits found within Core and API
Posted January 31, 2013 by Ryan Bigg

Please upgrade your Spree stores now to their latest gem versions 1.3.2, 1.2.4, 1.1.5 or 1.0.7. Thanks to the work of Egor Homakov, we have located and patched two serious exploits within Spree. The first allows a user to authenticate as a random user to the API, which could potentially lead them to authenticating as an admin user for the store. The second allows them to issue a Denial of Service attack against the store using a specially crafted URL. We have patched the 1-0-stable, 1-1-stable, 1-2-stable, 1-3-stable and master branches for Spree, as well as released new gem versions for the stable branches. We strongly advise all Spree stores to upgrade to their latest gem versions so that they are not affected by these exploits.

Full article: http://spreecommerce.com/blog/exploits-found-within-core-...
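As an added example (not Spree's own code and not part of the advisory), here is a Ruby check that reads a Gemfile.lock and reports whether the pinned Spree release is below the first patched version on its stable branch. The patched versions 1.0.7, 1.1.5, 1.2.4 and 1.3.2 are taken from the advisory above; the helper names, the list of gem names inspected and the sample lockfile are assumptions constructed here for illustration.

```ruby
# Added example: Spree advisory version check. Not Spree's own code.
# Fixed versions come from the advisory (1.0.7, 1.1.5, 1.2.4, 1.3.2);
# the gem names and the sample Gemfile.lock below are assumptions.
require "rubygems"

# First patched release on each stable branch named in the advisory.
FIXED_SPREE_VERSIONS = {
  "1.0" => "1.0.7",
  "1.1" => "1.1.5",
  "1.2" => "1.2.4",
  "1.3" => "1.3.2",
}.freeze

# Gems whose version tracks the Spree release (assumed set): the advisory
# places the exploits in core and the API, so any of these lockfile entries
# is enough to establish which Spree release a store is running.
SPREE_GEMS = %w[spree spree_core spree_api].freeze

# Pull "<gem> (<version>)" spec lines for the Spree gems out of Gemfile.lock
# text. Dependency lines such as "spree_core (= 1.3.1)" are skipped because
# the "= " prefix does not match the bare version pattern.
# Returns a Hash of gem name => Gem::Version.
def spree_versions_from_lockfile(text)
  versions = {}
  text.each_line do |line|
    m = line.match(/^\s+(#{SPREE_GEMS.join("|")}) \(([^)\s]+)\)\s*$/)
    next unless m
    versions[m[1]] = Gem::Version.new(m[2])
  end
  versions
end

# Classify one Spree version against the advisory.
#   :vulnerable  - below the first patched release on its branch
#   :patched     - at or above that release
#   :outside_advisory_branches - a series (e.g. 2.x) for which the advisory
#                  names no fixed release; do not guess, check separately
def advisory_status(version)
  v = version.is_a?(Gem::Version) ? version : Gem::Version.new(version)
  branch = v.segments[0, 2].join(".")
  fixed = FIXED_SPREE_VERSIONS[branch]
  return :outside_advisory_branches unless fixed
  v < Gem::Version.new(fixed) ? :vulnerable : :patched
end

# Report for a whole lockfile. If several Spree gems are pinned, the lowest
# version decides, since a mixed set of releases is itself a problem.
def lockfile_report(text)
  found = spree_versions_from_lockfile(text)
  return { status: :no_spree_gems } if found.empty?
  lowest = found.values.min
  { status: advisory_status(lowest), version: lowest.to_s, gems: found.keys.sort }
end

# Constructed sample lockfile for a store still on 1.3.1 (one release short
# of the 1.3.2 fix named in the advisory).
SAMPLE_GEMFILE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (3.2.11)
      spree (1.3.1)
        spree_api (= 1.3.1)
        spree_core (= 1.3.1)
      spree_api (1.3.1)
        spree_core (= 1.3.1)
      spree_core (1.3.1)
        activemerchant (= 1.29.3)
LOCK

if __FILE__ == $0
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_GEMFILE_LOCK
  puts lockfile_report(text).inspect
end
```

Run it with the path to a store's Gemfile.lock, or with no argument to see the constructed sample classified as vulnerable. A version on a series the advisory does not name (anything outside 1.0 to 1.3) is reported as outside the advisory rather than assumed safe, because the advisory names fixed releases only for those four stable branches.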

Tweets

Double Shot #1059

afreshcup.com 05 Feb '13, 12pm

Exploits found within Core and API - That'd be in the Spree e-commerce code. Upgrade now if you're using it. pivotal-slack...

How #Running On Different Surfaces Affects Your...

runaddicts.net 05 Feb '13, 8am

Interested in writing for RunAddicts.net? Get started now! Various running surfaces can stress the body and feet in differ...

A look at what's in store for Pivotal Tracker in 2013 (New Features, New API, New Design)

A look at what's in store for Pivotal Tracker i...

pivotallabs.com 05 Feb '13, 7pm

January has gone by quickly! Hopefully the new year is already off to a great start for you and your entire team. I’d like...

Some Versions of Ruby on Rails Vulnerable to Ne...

threatpost.com 29 Jan '13, 6pm

A vulnerability exists in Ruby on Rails’ JavaScript Object Notation (JSON) code that could open the Web framework up to a ...