VulnerableCode Package Details - pkg:deb/debian/ruby-rest-client@1.6.7-6

Search for packages

Vulnerability	Summary	Fixed by
VCID-jggb-58ap-ybab Aliases: CVE-2015-3448 GHSA-mx9f-w8qq-q5jf	Log Plaintext Password Local Disclosure REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information.	1.8.0-3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-jggb-58ap-ybab
Aliases:
CVE-2015-3448
GHSA-mx9f-w8qq-q5jf

Log Plaintext Password Local Disclosure REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information.

1.8.0-3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-vhdm-w6p1-uuh9	Session fixation vulnerability via Set-Cookie headers The package rest-client in `abstract_response.rb` improperly handles `Set-Cookie` headers on HTTP redirection responses. Any cookies will be forwarded to the redirection target regardless of domain, path, or expiration. If you control a redirection source, you can cause rest-client to perform a request to any third-party domain with cookies of your choosing, which may be useful in performing a session fixation attack. If you control a redirection target, you can steal any cookies set by the third-party redirection request.	CVE-2015-1820 GHSA-3fhf-6939-qg8p OSV-119878

Vulnerability

Summary

Aliases

VCID-vhdm-w6p1-uuh9

Session fixation vulnerability via Set-Cookie headers The package rest-client in `abstract_response.rb` improperly handles `Set-Cookie` headers on HTTP redirection responses. Any cookies will be forwarded to the redirection target regardless of domain, path, or expiration. If you control a redirection source, you can cause rest-client to perform a request to any third-party domain with cookies of your choosing, which may be useful in performing a session fixation attack. If you control a redirection target, you can steal any cookies set by the third-party redirection request.

CVE-2015-1820
GHSA-3fhf-6939-qg8p
OSV-119878

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T20:33:02.712527+00:00	Debian Oval Importer	Affected by	VCID-jggb-58ap-ybab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:05:42.293965+00:00	Debian Oval Importer	Fixing	VCID-vhdm-w6p1-uuh9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T20:14:20.730600+00:00	Debian Oval Importer	Affected by	VCID-jggb-58ap-ybab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:51:21.673949+00:00	Debian Oval Importer	Fixing	VCID-vhdm-w6p1-uuh9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T19:55:26.798660+00:00	Debian Oval Importer	Affected by	VCID-jggb-58ap-ybab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:38:23.540317+00:00	Debian Oval Importer	Fixing	VCID-vhdm-w6p1-uuh9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0