3 matches found
CVE-2019-15224
CVE-2019-15224 affects the Ruby rest-client gem; versions 1.6.10–1.6.13 on RubyGems.org included a code-execution backdoor inserted by a third party. Versions 1.6.9 and earlier are not affected, and 1.6.14+ are also not affected. The compromise leads to remote code execution via the gem’s code pa...
CVE-2015-1820
The CVE-2015-1820 vulnerability affects the RubyGem rest-client (REST client for Ruby) up to version 1.8.0, where Set-Cookie headers in HTTP 30x redirects can be reused by an attacker to hijack a user session or access cookies. The connected documents corroborate this issue across multiple source...
CVE-2015-3448
The vulnerability CVE-2015-3448 affects the REST Client for Ruby (rest-client) prior to 1.7.3, where usernames and passwords are logged, enabling local users to read sensitive information from logs. Affected component is the rest-client Ruby library; root cause is credentials being written to log...