cblanc
commented
7 years ago Thanks for raising this. rest-client has been bumped to 1.8.0 in version 1.1.0 of this gem
Closed vnagasivam closed 7 years ago
cblanc
commented
7 years ago Thanks for raising this. rest-client has been bumped to 1.8.0 in version 1.1.0 of this gem
Current version of rest-client that is a dependency is 1.6.7, which has 2 vulnerabilities:
Name: rest-client Version: 1.6.7 Advisory: CVE-2015-3448 Criticality: Unknown URL: http://www.osvdb.org/show/osvdb/117461 Title: Rest-Client Gem for Ruby logs password information in plaintext Solution: upgrade to >= 1.7.3
Name: rest-client Version: 1.6.7 Advisory: CVE-2015-1820 Criticality: Unknown URL: https://github.com/rest-client/rest-client/issues/369 Title: rubygem-rest-client: session fixation vulnerability via Set-Cookie headers in 30x redirection responses Solution: upgrade to >= 1.8.0