Session Cookie Store Vulnerability in Spree by Spree Commerce
CVE-2008-7311

Currently unrated

Key Information:

Vendor: Spreecommerce
Status: Spree
Vendor: CVE Published:; 5 April 2012

🔔 Create Spreecommerce Vulnerability Alert

What is CVE-2008-7311?

The session cookie store implementation in Spree 0.2.0 is compromised due to a hardcoded configuration for the session hash value. This flaw allows remote attackers to circumvent cryptographic protections, as this sensitive information can be found in the config/environment.rb file of affected applications. The vulnerability exposes users to potential unauthorized access, necessitating immediate attention to update affected instances and enhance overall security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://support.spreehq.org/issues/show/63

x_refsource_CONFIRM

http://spreecommerce.com/blog/2008/08/12/security-vulerna...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Apr 5, 2012

JSON

Spreecommerce

What is CVE-2008-7311?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.