CVE-2013-2506
Published
CVSS v3
N/A
CVSS v2
4
MEDIUM
Affected
1
PROJECT
Description
app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves.
Provides authentication (user accounts, login & signup) for @spree 4 by using Devise
GitHub