solidus_auth_devise is vulnerable to authentication bypass. An attacker can takeover an account through CSRF if protect_from_forgery
method satisfy both: 1)Executed whether as: A before_action
callback (the default) 2)A prepend_before_action
(option prepend: true
given) before the :load_object
hook in Spree::UserController
(most likely order to find).