RubyGems package
rest-client
pkg:gem/rest-client
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-15224 | — | | | >= 1.6.10, < 1.7.0 | 1.7.0 | Aug 19, 2019 | The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected. |
| CVE-2015-1820 | Cri | 9.8 | | >= 1.6.1.a, < 1.8.0 | 1.8.0 | Aug 9, 2017 | REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect. |
| CVE-2015-3448 | — | | | < 1.7.3 | 1.7.3 | Apr 29, 2015 | REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. |