Lucene search
+L

113 matches found

Github Security Blog
Github Security Blog
added 2019/08/20 2:29 p.m.29 views

rest-client Gem Contains Malicious Code

The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Users of an affected version should consider downgrading to the last non-affected version of 1.6.9, or upgrading to 1.7.x. Additionally, a set of other...

9.8CVSS9AI score0.0355EPSS
Exploits0References11Affected Software10
Veracode
Veracode
added 2019/08/20 1:56 a.m.13 views

Malicious Package

rest-client is a malicious package. The package evaluates code stored on a remote server pastebin.com and upon execution of the malicious code on the victim system, sends system information to mironanoru.zzz.com.ua...

9.8CVSS3.1AI score0.0355EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/08/19 11:15 p.m.26 views

CVE-2019-15224

The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions =1.6.14 are unaffected...

9.8CVSS9.6AI score0.0355EPSS
Exploits0References2
OSV
OSV
added 2019/08/19 11:15 p.m.7 views

CVE-2019-15224

The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions =1.6.14 are unaffected...

9.8CVSS7.3AI score0.0355EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2019/08/19 11:15 p.m.18 views

CVE-2019-15224

The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions =1.6.14 are unaffected...

9.8CVSS7.2AI score0.0355EPSS
Exploits0References3
CVE
CVE
added 2019/08/19 10:24 p.m.134 views

CVE-2019-15224

CVE-2019-15224 affects the Ruby rest-client gem; versions 1.6.10–1.6.13 on RubyGems.org included a code-execution backdoor inserted by a third party. Versions 1.6.9 and earlier are not affected, and 1.6.14+ are also not affected. The compromise leads to remote code execution via the gem’s code pa...

9.8CVSS9.3AI score0.0355EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2019/08/19 10:24 p.m.53 views

CVE-2019-15224

The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions =1.6.14 are unaffected...

9.8CVSS9.6AI score0.0355EPSS
Exploits0
Cvelist
Cvelist
added 2019/08/19 10:24 p.m.31 views

CVE-2019-15224

The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions =1.6.14 are unaffected...

9.6AI score0.0355EPSS
Exploits0References2
RubySec
RubySec
added 2019/08/19 12:0 a.m.30 views

Code execution backdoor in rest-client

The rest-client gem 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...

9.8CVSS2.7AI score0.0355EPSS
Exploits0References1
0day.today
0day.today
added 2018/09/25 12:0 a.m.121 views

Postman 6.3.0 Improper Certificate Validation Vulnerability

Exploit for hardware platform in category web applications Product: Postman standalone Manufacturer: Postman Affected Versions: 6.3.0 and older Tested Versions: 6.2.2 x64 Windows and Linux, 6.3.0 Vulnerability Type: Improper Certificate Validation CWE-295 Risk Level: Medium Solution Status: Open...

0.1AI score0.00643EPSS
Exploits3
Github Security Blog
Github Security Blog
added 2018/08/13 8:47 p.m.45 views

rest-client Gem Vulnerable to Session Fixation

REST client for Ruby aka rest-client versions 1.6.1.a until 1.8.0 allow remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...

9.8CVSS8.6AI score0.04345EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2017/10/24 6:33 p.m.35 views

GHSA-MX9F-W8QQ-Q5JF rest-client allows local users to obtain sensitive information by reading the log

REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...

2.1CVSS7.1AI score0.00373EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.25 views

rbovirt uses the rest-client gem with SSL verification disabled

The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors...

6.8CVSS6.2AI score0.01968EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.35 views

rest-client allows local users to obtain sensitive information by reading the log

REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...

2.1CVSS8.3AI score0.00373EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2017/10/24 6:33 p.m.17 views

GHSA-WW79-8XWV-932X rbovirt uses the rest-client gem with SSL verification disabled

The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors...

6.8CVSS6.2AI score0.01968EPSS
Exploits0References7
CNVD
CNVD
added 2017/08/10 12:0 a.m.9 views

rest-client session fixation vulnerability

The rest-client aka REST Client is one of those simple HTTP and REST clients. A session fixation vulnerability exists in rest-client. An attacker can exploit this vulnerability to hijack a session or gain access to sensitive information...

9.8CVSS9.2AI score0.04345EPSS
Exploits0References1
Prion
Prion
added 2017/08/09 6:29 p.m.23 views

Session fixation

REST client for Ruby aka rest-client before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...

7.5CVSS6.7AI score0.04345EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2017/08/09 6:29 p.m.37 views

CVE-2015-1820

REST client for Ruby aka rest-client before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...

9.8CVSS7.2AI score0.04345EPSS
Exploits0References2
NVD
NVD
added 2017/08/09 6:29 p.m.28 views

CVE-2015-1820

REST client for Ruby aka rest-client before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...

9.8CVSS9.3AI score0.04345EPSS
Exploits0References4
OSV
OSV
added 2017/08/09 6:29 p.m.3 views

DEBIAN-CVE-2015-1820

REST client for Ruby aka rest-client before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...

9.8CVSS9.3AI score0.04345EPSS
Exploits0References1
Rows per page
Query Builder