Browse all 5 CVE security advisories affecting solidusio. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Solidusio is an e-commerce platform focused on building customizable online stores. Historically, the project has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its five recorded CVEs. These vulnerabilities often stem from improper input validation and insufficient access controls. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices. The platform's modular architecture, while flexible, may introduce additional attack surfaces through third-party extensions that require careful security review.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-31000 | CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend — solidus (CWE-352) | 2.3 | Low | 2022-06-01 |
| CVE-2021-43846 | CSRF forgery protection bypass for Spree::OrdersController#populate — solidus (CWE-352) | 5.3 | Medium | 2021-12-20 |
| CVE-2021-43805 | ReDos vulnerability on guest checkout email validation — solidus (CWE-1333) | 7.5 | High | 2021-12-07 |
| CVE-2020-15109 | Ability to change order address without triggering address validations in solidus — solidus (CWE-20) | 5.3 | Medium | 2020-08-04 |
This page lists every published CVE security advisory associated with solidusio. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.