
CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <= 1.6.9 and >= 1.6.14 are unaffected. Pinning a version inside the affected range (rather than tracking "latest") is what exposes a project; checking the pin in Gemfile.lock is the practical test.
• References: https://github.com/rest-client/rest-client/issues/713 https://rubygems.org/gems/rest-client/versions
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information, because cookies set by a redirect response were forwarded to the redirect target without checking that the target host was entitled to receive them. A server (or an attacker who can inject a redirect) could therefore set a cookie and have the client present it to a different host, or read cookies meant for the original host.
• References: http://www.openwall.com/lists/oss-security/2015/03/24/3 http://www.securityfocus.com/bid/73295 https://bugzilla.redhat.com/show_bug.cgi?id=1205291 https://github.com/rest-client/rest-client/issues/369 https://access.redhat.com/security/cve/CVE-2015-1820
• CWE-201: Insertion of Sensitive Information Into Sent Data; CWE-384: Session Fixation
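To make the redirect problem concrete, the following is an added example (not rest-client's own code, and not taken from the advisory) that models the decision a client has to make when a 30x response carries Set-Cookie headers. The "vulnerable" function forwards every cookie to the Location target, which is the behaviour the advisory describes; the "safe" function applies RFC 6265 domain matching, so a host-only cookie stays with the host that set it and a domain cookie only travels to hosts under that domain. The hosts, cookie names and URLs are constructed for the example.

```ruby
require 'uri'

# Parse one Set-Cookie header into the fields needed for domain matching.
# A cookie with no Domain attribute is host-only (RFC 6265 section 5.3 step 6);
# an explicit Domain makes it a domain cookie, and a leading dot is ignored.
def parse_set_cookie(header, origin_host)
  parts = header.split(';').map(&:strip)
  name, value = parts.shift.split('=', 2)
  attrs = {}
  parts.each do |p|
    k, v = p.split('=', 2)
    attrs[k.downcase] = v
  end
  if attrs['domain']
    { name: name, value: value,
      domain: attrs['domain'].sub(/\A\./, '').downcase, host_only: false }
  else
    { name: name, value: value, domain: origin_host.downcase, host_only: true }
  end
end

# RFC 6265 section 5.1.3 domain matching: exact host for host-only cookies,
# exact host or a subdomain of the cookie domain otherwise.
def domain_match?(cookie, target_host)
  host = target_host.downcase
  return host == cookie[:domain] if cookie[:host_only]
  host == cookie[:domain] || host.end_with?('.' + cookie[:domain])
end

# Behaviour described for rest-client < 1.8.0: every cookie set by the
# redirecting response is sent to the Location target, whatever host it is.
def cookies_forwarded_vulnerable(set_cookie_headers, origin_url, _location)
  origin_host = URI(origin_url).host
  set_cookie_headers.map { |h| parse_set_cookie(h, origin_host) }
                    .map { |c| "#{c[:name]}=#{c[:value]}" }
end

# Hardened: forward only cookies whose domain matches the redirect target.
def cookies_forwarded_safe(set_cookie_headers, origin_url, location)
  origin_host = URI(origin_url).host
  target_host = URI(location).host
  set_cookie_headers.map { |h| parse_set_cookie(h, origin_host) }
                    .select { |c| domain_match?(c, target_host) }
                    .map { |c| "#{c[:name]}=#{c[:value]}" }
end

# Constructed scenario: login.example.com sets a host-only session cookie and a
# domain cookie for example.com, then redirects to an unrelated host
# (evil.example.net, hypothetical attacker-controlled).
SET_COOKIES = ['_session_id=abc123; Path=/; HttpOnly',
               'pref=dark; Domain=.example.com; Path=/']
ORIGIN   = 'https://login.example.com/auth'
LOCATION = 'https://evil.example.net/landing'

if __FILE__ == $0
  puts "vulnerable forwards to #{URI(LOCATION).host}: " \
       "#{cookies_forwarded_vulnerable(SET_COOKIES, ORIGIN, LOCATION).inspect}"
  puts "hardened forwards to #{URI(LOCATION).host}:   " \
       "#{cookies_forwarded_safe(SET_COOKIES, ORIGIN, LOCATION).inspect}"
  puts "hardened forwards to api.example.com:  " \
       "#{cookies_forwarded_safe(SET_COOKIES, ORIGIN, 'https://api.example.com/v1').inspect}"
end
```

The vulnerable path leaks both cookies to evil.example.net; the hardened path sends nothing there, sends only `pref=dark` to api.example.com (a subdomain of the cookie's domain), and sends both back to login.example.com. A real client should also reject a Set-Cookie whose Domain does not cover the host that set it, which this minimal model does not check.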

CVSS: 2.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. Any process or user with read access to the log destination (a file, or a shared logging service) therefore learns the credentials used for the request.
• References: http://lists.opensuse.org/opensuse-updates/2015-04/msg00026.html http://www.osvdb.org/117461 http://www.securityfocus.com/bid/74415 https://github.com/rest-client/rest-client/issues/349 https://access.redhat.com/security/cve/CVE-2015-3448 https://bugzilla.redhat.com/show_bug.cgi?id=1240982
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-532: Insertion of Sensitive Information into Log File
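All three entries above come down to a version range, so the check a practitioner wants is a single audit of the rest-client pin in Gemfile.lock against them. The following is an added example, not rest-client's code and not an official tool. The ranges are copied from the three entries (the backdoor range 1.6.10 through 1.6.13, "before 1.8.0" for CVE-2015-1820, "before 1.7.3" for CVE-2015-3448; the backdoor entry carries no CVE identifier on this page, so none is given). The Gemfile.lock fragment is constructed for the example and uses Ruby's bundled `Gem::Version` and `Gem::Requirement` for the comparison.

```ruby
require 'rubygems' # Gem::Version / Gem::Requirement ship with Ruby

# Affected ranges as stated in the three entries above.
ADVISORIES = [
  { id: 'backdoor (rest-client 1.6.10 through 1.6.13)',
    affected: Gem::Requirement.new('>= 1.6.10', '<= 1.6.13') },
  { id: 'CVE-2015-1820 cookies forwarded on redirect (< 1.8.0)',
    affected: Gem::Requirement.new('< 1.8.0') },
  { id: 'CVE-2015-3448 credentials written to log (< 1.7.3)',
    affected: Gem::Requirement.new('< 1.7.3') },
].freeze

# Gemfile.lock pins a resolved gem as "    name (version)" (four spaces)
# under the specs: block; dependency lines are indented deeper and skipped.
def pinned_version(lockfile_text, gem_name)
  lockfile_text.each_line do |line|
    if (m = line.match(/\A {4}#{Regexp.escape(gem_name)} \(([^)\s]+)\)/))
      return Gem::Version.new(m[1])
    end
  end
  nil
end

# Ids of the advisories whose affected range contains the given version.
def matching_advisories(version)
  ADVISORIES.select { |a| a[:affected].satisfied_by?(version) }.map { |a| a[:id] }
end

# Audit a whole lockfile; :version is nil when rest-client is not pinned.
def audit_lockfile(lockfile_text)
  v = pinned_version(lockfile_text, 'rest-client')
  return { version: nil, findings: [] } if v.nil?
  { version: v.to_s, findings: matching_advisories(v) }
end

# Constructed Gemfile.lock fragment (not from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mime-types (3.3)
      netrc (0.11.0)
      rest-client (1.6.12)
        mime-types (>= 1.16, < 4.0)
        netrc (~> 0.8)

  PLATFORMS
    ruby

  DEPENDENCIES
    rest-client
LOCK

if __FILE__ == $0
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  result = audit_lockfile(text)
  if result[:version].nil?
    puts 'rest-client is not pinned in this lockfile'
  else
    puts "rest-client #{result[:version]}"
    result[:findings].each { |f| puts "  affected: #{f}" }
    puts '  no listed issue matches' if result[:findings].empty?
  end
end
```

Run it with a path to a real Gemfile.lock as the only argument; with no argument it audits the constructed sample, where the 1.6.12 pin matches all three entries. Note that 1.6.14 through 1.7.x are outside the backdoor range but still inside the two CVE ranges, so "not backdoored" is not the same as "clean".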