RubyGems - rd_searchlogic - Versions - 3.0.0.rc - Mend

rd_searchlogic 3.0.0.rc

1 security vulnerability found in version 3.0.0.rc

Spree Commerce is vulnerable to RCE through Search API

critical severity CVE-2011-10026

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the search[instance_eval] parameter, which is dynamically invoked using Ruby’s send method. This flaw enables unauthenticated attackers to execute commands on the server.

No officially reported memory leakage issues detected.

This gem version does not have any officially reported memory leaked issues.

Author did not declare license for this gem in the gemspec.

This gem version has a MIT license in the source code, however it was not declared in the gemspec file.

This gem version is available.

This gem version has not been yanked and is still available for usage.