rubygem-rest-client: session fixation vulnerability via Set-Cookie headers in 30x redirection responses

Metadata

high
7.5
rest-client
CVE-2015-1820
github.com
2015-03-24
2017-08-21 19:36
CVE-2015-1820 ruby-rest-client
CVE-2015-1820
2017-08-09 21:37
2017-04-01 19:11
2017-01-05 20:15

Description

rest-client in abstract_response.rb improperly handles Set-Cookie headers on
HTTP 30x redirection responses. Any cookies will be forwarded to the
redirection target regardless of domain, path, or expiration.

If you control a redirection source, you can cause rest-client to perform a
request to any third-party domain with cookies of your choosing, which may be
useful in performing a session fixation attack.

If you control a redirection target, you can steal any cookies set by the
third-party redirection request.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Package Patched in Unaffected in
rest-client >= 1.8.0 <= 1.6.0