diff --git a/gems/spree/CVE-2013-1656.yml b/gems/spree/CVE-2013-1656.yml
index 446ebdea91..8ed2befd4e 100644
--- a/gems/spree/CVE-2013-1656.yml
+++ b/gems/spree/CVE-2013-1656.yml
@@ -6,7 +6,7 @@ url: https://blog.convisoappsec.com/en/spree-commerce-multiple-unsafe-reflection
 title: Spree controller Parameter Arbitrary Ruby Object Instantiation Command Execution
 date: 2013-02-21
 description: |
-  Spree Commerce 1.0.x through 1.3.2 allows remote authenticated
+  Spree Commerce 1.0.x before 2.0.0.rc1 allows remote authenticated
   administrators to instantiate arbitrary Ruby objects and executd
   arbitrary commands via the (1) payment_method parameter to
   core/app/controllers/spree/admin/
@@ -18,7 +18,8 @@ description: |
   of the constantize function.
 cvss_v2: 4.3
 patched_versions:
-  - ">= 2.0.0"
+  - ">= 2.0.0.rc1"
 related:
   url:
   - https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed
+  - https://github.com/spree/spree/commit/70092eb55b8be8fe5d21a7658b62da658612fba7
\ No newline at end of file
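Review bot: The rewritten description line `Spree Commerce 1.0.x before 2.0.0.rc1 allows remote authenticated` is self-contradictory: `1.0.x` names only the 1.0 patch series, while `before 2.0.0.rc1` (and the `>= 2.0.0.rc1` patched range in the second hunk) implies 1.1, 1.2 and 1.3 are affected too. Suggest `Spree Commerce 1.0.0 and later before 2.0.0.rc1 allows remote authenticated`, or keep an explicit upper bound such as `1.0.0 through 1.3.x`, so the prose matches the version range bundler-audit will actually check. While this paragraph is being edited, the unchanged next line still reads `executd` where `execute` is meant. The description block continues past the end of the hunk.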
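Review bot: Loosening `patched_versions` from `">= 2.0.0"` to `">= 2.0.0.rc1"` changes what bundler-audit reports for pre-release installs: under RubyGems version ordering `2.0.0.rc1` sorts before `2.0.0`, so the old requirement flagged the release candidates as vulnerable and the new one treats them as fixed. That is only correct if the linked fix commit `70092eb55b8b` is reachable from the `v2.0.0.rc1` tag; the commit message or a comment next to the entry should record that this was verified (e.g. via `git tag --contains 70092eb55b8b`), because if the fix landed in a later rc this edit silences a real finding for rc1 users. Separately, the added `related.url` line drops the trailing newline (`\ No newline at end of file`); end the file with a newline so yamllint's `new-line-at-end-of-file` check and future diffs stay clean.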