Vulnerabilities > Sparksolutions

DATE CVE VULNERABILITY TITLE RISK
2020-10-20 CVE-2020-15269 Insufficient Session Expiration vulnerability in Sparksolutions Spree
In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints.
network
low complexity
sparksolutions CWE-613
critical
9.1