Search for packages
| purl | pkg:gem/rest-client@1.8.0.rc1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-vhdm-w6p1-uuh9
Aliases: CVE-2015-1820 GHSA-3fhf-6939-qg8p OSV-119878 |
Session fixation vulnerability via Set-Cookie headers The package rest-client in `abstract_response.rb` improperly handles `Set-Cookie` headers on HTTP redirection responses. Any cookies will be forwarded to the redirection target regardless of domain, path, or expiration. If you control a redirection source, you can cause rest-client to perform a request to any third-party domain with cookies of your choosing, which may be useful in performing a session fixation attack. If you control a redirection target, you can steal any cookies set by the third-party redirection request. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T20:37:43.965147+00:00 | GitLab Importer | Affected by | VCID-vhdm-w6p1-uuh9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rest-client/CVE-2015-1820.yml | 38.4.0 |
| 2026-04-11T21:48:22.166381+00:00 | GitLab Importer | Affected by | VCID-vhdm-w6p1-uuh9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rest-client/CVE-2015-1820.yml | 38.3.0 |
| 2026-04-02T22:02:17.023062+00:00 | GitLab Importer | Affected by | VCID-vhdm-w6p1-uuh9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rest-client/CVE-2015-1820.yml | 38.1.0 |
| 2026-04-01T16:19:24.929067+00:00 | GitLab Importer | Affected by | VCID-vhdm-w6p1-uuh9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rest-client/CVE-2015-1820.yml | 38.0.0 |