Please see Spree Guides Security section.
Security: spree/spree
Security
SECURITY.md
- Passing an empty string '' as the token allows to query any complete order without knowing it's token
  GHSA-m2jr-hmc3-qmpr, published Nov 12, 2020 by damianlegawiec. Severity: High
- Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls
  GHSA-f8cm-364f-q9qh, published Oct 20, 2020 by damianlegawiec. Severity: High
Learn more about advisories related to spree/spree in the GitHub Advisory Database