Index: security/vuxml/vuln.xml =================================================================== --- security/vuxml/vuln.xml +++ security/vuxml/vuln.xml @@ -57,6 +57,65 @@ --> + + rest-client -- plaintext password disclosure + + + rubygem-rest-client + 1.7.3 + + + + +

The open sourced vulnerability database reports:

+
+

REST Client for Ruby contains a flaw that is due to the application + logging password information in plaintext. This may allow a local + attacker to gain access to password information.

+
+ +
+ + CVE-2015-3448 + 200504 + https://github.com/rest-client/rest-client/issues/349 + http://osvdb.org/show/osvdb/117461 + + + 2015-01-12 + 2015-05-31 + +
+ + + rest-client -- session fixation vulnerability + + + rubygem-rest-client + 1.8.0 + + + + +

Andy Brody reports:

+
+

When Ruby rest-client processes an HTTP redirection response, + it blindly passes along the values from any Set-Cookie headers to the + redirection target, regardless of domain, path, or expiration.

+
+ +
+ + CVE-2015-1820 + 200504 + https://github.com/rest-client/rest-client/issues/369 + + + 2015-03-24 + 2015-05-31 + +
+ django -- Fixed session flushing in the cached_db backend
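
Review bot: in the first entry (rest-client -- plaintext password disclosure), the attribution line "The open sourced vulnerability database reports:" writes a proper name in lower case; it should read "The Open Sourced Vulnerability Database reports:" to match the osvdb.org reference listed in the same entry. In the second entry, the topic says "session fixation vulnerability" but the quoted text only describes Set-Cookie values being passed along to the redirection target, so consider extending the quote with the sentence from the linked issue that states the impact, so that the description supports the topic. Both entries also list 200504 among their references; please confirm that the same reference is meant to cover both the 1.7.3 and the 1.8.0 ranges.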