rest-client 1.6.13
This gem version has been yanked.
Yanked gem versions cannot be used or downloaded from RubyGems.
Potentially problematic release.
This release has been marked as problematic by at least one user.
Code execution backdoor in rest-client
critical severity CVE-2019-15224<= 1.6.9
, >= 1.6.14
The rest-client gem 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.
CVE-2015-1820 rubygem-rest-client: session fixation vulnerability Set-Cookie headers present in an HTTP 30x redirection responses
critical severity CVE-2015-1820>= 1.8.0
<= 1.6.0
REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.
rest-client ruby gem logs sensitive information
low severity CVE-2015-3448>= 1.7.3
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.