VDB
GCVE-110-MAGEIA-2015-227
GCVE-110-MAGEIA-2015-227
Advisory Published
Updated ruby-rest-client packages fix security vulnerability:
When Ruby rest-client processes an HTTP redirection response, it blindly
passes along the values from any Set-Cookie headers to the redirection target,
regardless of domain, path, or expiration. This can be used in a session
fixation attack or in stealing cookies (CVE-2015-1820).
REST Client for Ruby contains a flaw that is due to the application logging
password information in plaintext. This may allow a local attacker to gain
access to password information (CVE-2015-3448).
The ruby-rest-client package has been updated to version 1.8.0, fixing these
issues and several other bugs. Refer to the upstream changelog for more
details.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | ruby-http-cookie | 0 (affected), 1.0.2-1.mga4 (unaffected) | — |
| Mageia | ruby-rest-client | 0 (affected), 1.8.0-2.mga4 (unaffected) | — |
| Mageia | ruby-netrc | 0 (affected), 0.10.3-1.mga4 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,685 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.