VulnerableCode Package Details - pkg:deb/debian/ruby-rest-client@1.6.7-6?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/ruby-rest-client@1.6.7-6?distro=trixie

purl	pkg:deb/debian/ruby-rest-client@1.6.7-6?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-vhdm-w6p1-uuh9	Session fixation vulnerability via Set-Cookie headers The package rest-client in `abstract_response.rb` improperly handles `Set-Cookie` headers on HTTP redirection responses. Any cookies will be forwarded to the redirection target regardless of domain, path, or expiration. If you control a redirection source, you can cause rest-client to perform a request to any third-party domain with cookies of your choosing, which may be useful in performing a session fixation attack. If you control a redirection target, you can steal any cookies set by the third-party redirection request.	CVE-2015-1820 GHSA-3fhf-6939-qg8p OSV-119878

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:52:53.932722+00:00	Debian Importer	Fixing	VCID-vhdm-w6p1-uuh9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:50:34.082482+00:00	Debian Importer	Fixing	VCID-vhdm-w6p1-uuh9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:52:22.586859+00:00	Debian Importer	Fixing	VCID-vhdm-w6p1-uuh9	https://security-tracker.debian.org/tracker/data/json	38.1.0