Search for packages
| purl | pkg:gem/rest-client@1.7.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-jggb-58ap-ybab
Aliases: CVE-2015-3448 GHSA-mx9f-w8qq-q5jf |
Log Plaintext Password Local Disclosure REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information. |
Affected by 1 other vulnerability. |
|
VCID-vhdm-w6p1-uuh9
Aliases: CVE-2015-1820 GHSA-3fhf-6939-qg8p OSV-119878 |
Session fixation vulnerability via Set-Cookie headers The package rest-client in `abstract_response.rb` improperly handles `Set-Cookie` headers on HTTP redirection responses. Any cookies will be forwarded to the redirection target regardless of domain, path, or expiration. If you control a redirection source, you can cause rest-client to perform a request to any third-party domain with cookies of your choosing, which may be useful in performing a session fixation attack. If you control a redirection target, you can steal any cookies set by the third-party redirection request. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-nfpt-w93k-dqa5 | rest-client Gem Contains Malicious Code The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Users of an affected version should consider downgrading to the last non-affected version of 1.6.9, or upgrading to 1.7.x. Additionally, a set of other minor gems have been partially or completely yanked and are included in this advisory. These include cron_parser, coin_base, blockchain_wallet, awesome-bot, doge-coin, capistrano-colors, bitcoin_vanity, lita_coin, coming-soon, and omniauth_amazon. |
CVE-2019-15224
GHSA-333g-rpr4-7hxq |