solidusio — Vulnerabilities & Security Advisories 5

Browse all 5 CVE security advisories affecting solidusio. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Solidusio is an e-commerce platform focused on building customizable online stores. Historically, the project has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its five recorded CVEs. These vulnerabilities often stem from improper input validation and insufficient access controls. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices. The platform's modular architecture, while flexible, may introduce additional attack surfaces through third-party extensions that require careful security review.

Top products by solidusio: solidus solidus_auth_devise

CVEs 5

CVE ID	Title	CVSS	Severity	Published
CVE-2022-31000	CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend — solidusCWE-352	2.3	Low	2022-06-01
CVE-2021-43846	CSRF forgery protection bypass for Spree::OrdersController#populate — solidusCWE-352	5.3	Medium	2021-12-20
CVE-2021-43805	ReDos vulnerability on guest checkout email validation — solidusCWE-1333	7.5	High	2021-12-07
CVE-2021-41274	Authentication Bypass by CSRF Weakness — solidus_auth_deviseCWE-352	9.3	Critical	2021-11-17
CVE-2020-15109	Ability to change order address without triggering address validations in solidus — solidusCWE-20	5.3	Medium	2020-08-04

This page lists every published CVE security advisory associated with solidusio. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

solidusio — Vulnerabilities & Security Advisories 5