Search for packages
| purl | pkg:deb/debian/ruby-rest-client@2.1.0-4?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-jggb-58ap-ybab | Log Plaintext Password Local Disclosure REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information. |
CVE-2015-3448
GHSA-mx9f-w8qq-q5jf |
| VCID-nfpt-w93k-dqa5 | rest-client Gem Contains Malicious Code The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Users of an affected version should consider downgrading to the last non-affected version of 1.6.9, or upgrading to 1.7.x. Additionally, a set of other minor gems have been partially or completely yanked and are included in this advisory. These include cron_parser, coin_base, blockchain_wallet, awesome-bot, doge-coin, capistrano-colors, bitcoin_vanity, lita_coin, coming-soon, and omniauth_amazon. |
CVE-2019-15224
GHSA-333g-rpr4-7hxq |
| VCID-vhdm-w6p1-uuh9 | Session fixation vulnerability via Set-Cookie headers The package rest-client in `abstract_response.rb` improperly handles `Set-Cookie` headers on HTTP redirection responses. Any cookies will be forwarded to the redirection target regardless of domain, path, or expiration. If you control a redirection source, you can cause rest-client to perform a request to any third-party domain with cookies of your choosing, which may be useful in performing a session fixation attack. If you control a redirection target, you can steal any cookies set by the third-party redirection request. |
CVE-2015-1820
GHSA-3fhf-6939-qg8p OSV-119878 |