FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
ffe2d86c-07d9-11e5-9a28-001e67150279rest-client -- plaintext password disclosure

The open sourced vulnerability database reports:

REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information.


Discovery 2015-01-12
Entry 2015-05-31
Modified 2015-09-28
rubygem-rest-client
lt 1.6.7_1

CVE-2015-3448
ports/200504
https://github.com/rest-client/rest-client/issues/349
http://osvdb.org/show/osvdb/117461
83a7a720-07d8-11e5-9a28-001e67150279rest-client -- session fixation vulnerability

Andy Brody reports:

When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration.


Discovery 2015-03-24
Entry 2015-05-31
Modified 2015-09-28
rubygem-rest-client
lt 1.6.7_1

CVE-2015-1820
ports/200504
https://github.com/rest-client/rest-client/issues/369