← Back

Rest Client

rest-client

Vendor: Rest Client Project • 3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-15224
1Rest Client Project
1Rest Client
Nov 21, 2024
Aug 19, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected.
CVE-2015-1820
1Rest Client Project
1Rest Client
May 13, 2026
Aug 9, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.
CVE-2015-3448
1Rest Client Project
1Rest Client
May 6, 2026
Apr 29, 2015
N/A· v4
N/A· v3
2.1 LOW· v2
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.