VDB

GCVE-110-MAGEIA-2015-227

GCVE-110-MAGEIA-2015-227
Advisory Published
Vulnetix · Advisory published May 15, 2015
Updated ruby-rest-client packages fix security vulnerability: When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration. This can be used in a session fixation attack or in stealing cookies (CVE-2015-1820). REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information (CVE-2015-3448). The ruby-rest-client package has been updated to version 1.8.0, fixing these issues and several other bugs. Refer to the upstream changelog for more details.

Affected Products

VendorProductVersionsPlatforms
Mageiaruby-http-cookie0 (affected), 1.0.2-1.mga4 (unaffected)
Mageiaruby-rest-client0 (affected), 1.8.0-2.mga4 (unaffected)
Mageiaruby-netrc0 (affected), 0.10.3-1.mga4 (unaffected)

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›