spree-contrib / better_spree_paypal_express

A better Spree PayPal Express Extension.
http://guides.spreecommerce.org
BSD 3-Clause "New" or "Revised" License

Major Security Vulnerability #89

Closed imme5150 closed 10 years ago

imme5150 commented 10 years ago

Working on customizing this extension, and I found what appears to be a major security hole. A carefully crafted URL can cause an order to be processed w/o any payment being taken. Happy to share more details offline.

radar commented 10 years ago

@imme5150 Please submit a detailed report to security@spreecommerce.com. Thank you.