[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2015-1820":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":468,"aliases":469,"duplicate_of":9,"upstream":470,"downstream":471,"duplicates":482,"related":483,"reserved_at":9,"published_at":485,"modified_at":486,"state":487,"summary":488,"references_raw":497,"kevs":523,"epss":524,"epss_history":527,"metrics":773,"affected":782},"CVE-2015-1820","REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-384","Session Fixation","Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.","weakness","Incomplete","Compound",[19,159,292,318,322,326,465],{"id":20,"name":21,"techniques":22},"CAPEC-196","Session Credential Falsification through Forging",[23,95,133],{"id":24,"name":25,"tactics":26,"countermeasures":36},"T1134.002","Create Process with Token",[27,30,33],{"id":28,"name":29},"TA0030","Defense Evasion",{"id":31,"name":32},"TA0005","Stealth",{"id":34,"name":35},"TA0111","Privilege Escalation",[37,42,46,50,55,59,64,69,73,77,81,85,90],{"id":38,"name":39,"tactic":40},"D3-AEM","Application Exception Monitoring",{"name":41},"Detect",{"id":43,"name":44,"tactic":45},"D3-CCSA","Credential Compromise Scope Analysis",{"name":41},{"id":47,"name":48,"tactic":49},"D3-OPM","Operational Process Monitoring",{"name":41},{"id":51,"name":52,"tactic":53},"D3-CR","Credential Revocation",{"name":54},"Evict",{"id":56,"name":57,"tactic":58},"D3-ANCI","Authentication Cache Invalidation",{"name":54},{"id":60,"name":61,"tactic":62},"D3-DUC","Decoy User Credential",{"name":63},"Deceive",{"id":65,"name":66,"tactic":67},"D3-CH","Credential Hardening",{"name":68},"Harden",{"id":70,"name":71,"tactic":72},"D3-MFA","Multi-factor Authentication",{"name":68},{"id":74,"name":75,"tactic":76},"D3-CRO","Credential Rotation",{"name":68},{"id":78,"name":79,"tactic":80},"D3-TB","Token Binding",{"name":68},{"id":82,"name":83,"tactic":84},"D3-TBA","Token-based Authentication",{"name":68},{"id":86,"name":87,"tactic":88},"D3-RIC","Reissue Credential",{"name":89},"Restore",{"id":91,"name":92,"tactic":93},"D3-CTS","Credential Transmission Scoping",{"name":94},"Isolate",{"id":96,"name":97,"tactics":98,"countermeasures":102},"T1134.003","Make and Impersonate Token",[99,100,101],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},[103,105,107,109,113,115,117,119,121,123,125,127,129,131],{"id":38,"name":39,"tactic":104},{"name":41},{"id":43,"name":44,"tactic":106},{"name":41},{"id":47,"name":48,"tactic":108},{"name":41},{"id":110,"name":111,"tactic":112},"D3-ST","Session Termination",{"name":54},{"id":51,"name":52,"tactic":114},{"name":54},{"id":56,"name":57,"tactic":116},{"name":54},{"id":60,"name":61,"tactic":118},{"name":63},{"id":65,"name":66,"tactic":120},{"name":68},{"id":70,"name":71,"tactic":122},{"name":68},{"id":74,"name":75,"tactic":124},{"name":68},{"id":78,"name":79,"tactic":126},{"name":68},{"id":82,"name":83,"tactic":128},{"name":68},{"id":86,"name":87,"tactic":130},{"name":89},{"id":91,"name":92,"tactic":132},{"name":94},{"id":134,"name":135,"tactics":136,"countermeasures":140},"T1606","Forge Web Credentials",[137],{"id":138,"name":139},"TA0031","Credential Access",[141,143,145,147,149,151,153,155,157],{"id":43,"name":44,"tactic":142},{"name":41},{"id":51,"name":52,"tactic":144},{"name":54},{"id":56,"name":57,"tactic":146},{"name":54},{"id":60,"name":61,"tactic":148},{"name":63},{"id":65,"name":66,"tactic":150},{"name":68},{"id":70,"name":71,"tactic":152},{"name":68},{"id":74,"name":75,"tactic":154},{"name":68},{"id":86,"name":87,"tactic":156},{"name":89},{"id":91,"name":92,"tactic":158},{"name":94},{"id":160,"name":161,"techniques":162},"CAPEC-21","Exploitation of Trusted Identifiers",[163,240,268],{"id":164,"name":165,"tactics":166,"countermeasures":170},"T1134","Access Token Manipulation",[167,168,169],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},[171,176,180,184,186,190,192,194,198,200,202,204,206,208,210,212,214,216,220,222,226,228,232,236],{"id":172,"name":173,"tactic":174},"D3-CI","Configuration Inventory",{"name":175},"Model",{"id":177,"name":178,"tactic":179},"D3-NTPM","Network Traffic Policy Mapping",{"name":175},{"id":181,"name":182,"tactic":183},"D3-AM","Access Modeling",{"name":175},{"id":38,"name":39,"tactic":185},{"name":41},{"id":187,"name":188,"tactic":189},"D3-SCA","System Call Analysis",{"name":41},{"id":43,"name":44,"tactic":191},{"name":41},{"id":47,"name":48,"tactic":193},{"name":41},{"id":195,"name":196,"tactic":197},"D3-PSA","Process Spawn Analysis",{"name":41},{"id":110,"name":111,"tactic":199},{"name":54},{"id":51,"name":52,"tactic":201},{"name":54},{"id":56,"name":57,"tactic":203},{"name":54},{"id":60,"name":61,"tactic":205},{"name":63},{"id":65,"name":66,"tactic":207},{"name":68},{"id":70,"name":71,"tactic":209},{"name":68},{"id":74,"name":75,"tactic":211},{"name":68},{"id":78,"name":79,"tactic":213},{"name":68},{"id":82,"name":83,"tactic":215},{"name":68},{"id":217,"name":218,"tactic":219},"D3-RC","Restore Configuration",{"name":89},{"id":86,"name":87,"tactic":221},{"name":89},{"id":223,"name":224,"tactic":225},"D3-SCF","System Call Filtering",{"name":94},{"id":91,"name":92,"tactic":227},{"name":94},{"id":229,"name":230,"tactic":231},"D3-EAL","Executable Allowlisting",{"name":94},{"id":233,"name":234,"tactic":235},"D3-EDL","Executable Denylisting",{"name":94},{"id":237,"name":238,"tactic":239},"D3-HBPI","Hardware-based Process Isolation",{"name":94},{"id":241,"name":242,"tactics":243,"countermeasures":245},"T1528","Steal Application Access Token",[244],{"id":138,"name":139},[246,248,250,252,254,256,258,260,262,264,266],{"id":43,"name":44,"tactic":247},{"name":41},{"id":51,"name":52,"tactic":249},{"name":54},{"id":56,"name":57,"tactic":251},{"name":54},{"id":60,"name":61,"tactic":253},{"name":63},{"id":65,"name":66,"tactic":255},{"name":68},{"id":70,"name":71,"tactic":257},{"name":68},{"id":74,"name":75,"tactic":259},{"name":68},{"id":78,"name":79,"tactic":261},{"name":68},{"id":82,"name":83,"tactic":263},{"name":68},{"id":86,"name":87,"tactic":265},{"name":89},{"id":91,"name":92,"tactic":267},{"name":94},{"id":269,"name":270,"tactics":271,"countermeasures":273},"T1539","Steal Web Session Cookie",[272],{"id":138,"name":139},[274,276,278,280,282,284,286,288,290],{"id":43,"name":44,"tactic":275},{"name":41},{"id":51,"name":52,"tactic":277},{"name":54},{"id":56,"name":57,"tactic":279},{"name":54},{"id":60,"name":61,"tactic":281},{"name":63},{"id":65,"name":66,"tactic":283},{"name":68},{"id":70,"name":71,"tactic":285},{"name":68},{"id":74,"name":75,"tactic":287},{"name":68},{"id":86,"name":87,"tactic":289},{"name":89},{"id":91,"name":92,"tactic":291},{"name":94},{"id":293,"name":294,"techniques":295},"CAPEC-31","Accessing/Intercepting/Modifying HTTP Cookies",[296],{"id":269,"name":270,"tactics":297,"countermeasures":299},[298],{"id":138,"name":139},[300,302,304,306,308,310,312,314,316],{"id":43,"name":44,"tactic":301},{"name":41},{"id":51,"name":52,"tactic":303},{"name":54},{"id":56,"name":57,"tactic":305},{"name":54},{"id":60,"name":61,"tactic":307},{"name":63},{"id":65,"name":66,"tactic":309},{"name":68},{"id":70,"name":71,"tactic":311},{"name":68},{"id":74,"name":75,"tactic":313},{"name":68},{"id":86,"name":87,"tactic":315},{"name":89},{"id":91,"name":92,"tactic":317},{"name":94},{"id":319,"name":320,"techniques":321},"CAPEC-39","Manipulating Opaque Client-based Data Tokens",[],{"id":323,"name":324,"techniques":325},"CAPEC-59","Session Credential Falsification through Prediction",[],{"id":327,"name":328,"techniques":329},"CAPEC-60","Reusing Session IDs (aka Session Replay)",[330,360],{"id":331,"name":332,"tactics":333,"countermeasures":337},"T1134.001","Token Impersonation/Theft",[334,335,336],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},[338,340,342,344,346,348,350,352,354,356,358],{"id":43,"name":44,"tactic":339},{"name":41},{"id":51,"name":52,"tactic":341},{"name":54},{"id":56,"name":57,"tactic":343},{"name":54},{"id":60,"name":61,"tactic":345},{"name":63},{"id":65,"name":66,"tactic":347},{"name":68},{"id":70,"name":71,"tactic":349},{"name":68},{"id":74,"name":75,"tactic":351},{"name":68},{"id":78,"name":79,"tactic":353},{"name":68},{"id":82,"name":83,"tactic":355},{"name":68},{"id":86,"name":87,"tactic":357},{"name":89},{"id":91,"name":92,"tactic":359},{"name":94},{"id":361,"name":362,"tactics":363,"countermeasures":368},"T1550.004","Web Session Cookie",[364,365],{"id":28,"name":29},{"id":366,"name":367},"TA0109","Lateral Movement",[369,373,377,381,385,389,393,397,401,405,409,411,413,417,421,425,429,431,433,435,437,439,441,443,447,451,453,455,459,463],{"id":370,"name":371,"tactic":372},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":41},{"id":374,"name":375,"tactic":376},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":41},{"id":378,"name":379,"tactic":380},"D3-CSPP","Client-server Payload Profiling",{"name":41},{"id":382,"name":383,"tactic":384},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":41},{"id":386,"name":387,"tactic":388},"D3-NTSA","Network Traffic Signature Analysis",{"name":41},{"id":390,"name":391,"tactic":392},"D3-APCA","Application Protocol Command Analysis",{"name":41},{"id":394,"name":395,"tactic":396},"D3-NTCD","Network Traffic Community Deviation",{"name":41},{"id":398,"name":399,"tactic":400},"D3-RTSD","Remote Terminal Session Detection",{"name":41},{"id":402,"name":403,"tactic":404},"D3-PLA","Process Lineage Analysis",{"name":41},{"id":406,"name":407,"tactic":408},"D3-PSMD","Process Self-Modification Detection",{"name":41},{"id":195,"name":196,"tactic":410},{"name":41},{"id":43,"name":44,"tactic":412},{"name":41},{"id":414,"name":415,"tactic":416},"D3-PT","Process Termination",{"name":54},{"id":418,"name":419,"tactic":420},"D3-PS","Process Suspension",{"name":54},{"id":422,"name":423,"tactic":424},"D3-HR","Host Reboot",{"name":54},{"id":426,"name":427,"tactic":428},"D3-HS","Host Shutdown",{"name":54},{"id":51,"name":52,"tactic":430},{"name":54},{"id":56,"name":57,"tactic":432},{"name":54},{"id":60,"name":61,"tactic":434},{"name":63},{"id":65,"name":66,"tactic":436},{"name":68},{"id":70,"name":71,"tactic":438},{"name":68},{"id":74,"name":75,"tactic":440},{"name":68},{"id":86,"name":87,"tactic":442},{"name":89},{"id":444,"name":445,"tactic":446},"D3-NTF","Network Traffic Filtering",{"name":94},{"id":448,"name":449,"tactic":450},"D3-KBPI","Kernel-based Process Isolation",{"name":94},{"id":223,"name":224,"tactic":452},{"name":94},{"id":237,"name":238,"tactic":454},{"name":94},{"id":456,"name":457,"tactic":458},"D3-ABPI","Application-based Process Isolation",{"name":94},{"id":460,"name":461,"tactic":462},"D3-WSAM","Web Session Access Mediation",{"name":94},{"id":91,"name":92,"tactic":464},{"name":94},{"id":466,"name":13,"techniques":467},"CAPEC-61",[],[],[],[],[472,474,476,478,480],{"_key":473},"UBUNTU-CVE-2015-1820",{"_key":475},"MGASA-2015-0227",{"_key":477},"DEBIAN-CVE-2015-1820",{"_key":479},"RHBA-2015:1100",{"_key":481},"RHSA-2021:1313",[],[484],{"_key":475},"2017-08-09T18:00:00.000Z","2024-08-06T04:54:16.343Z","Modified",{"cisa_kev":489,"cisa_ransomware":489,"cisa_vendor":9,"epss_severity":490,"epss_score":491,"severity":492,"severity_score":493,"severity_version":494,"severity_source":495,"severity_vector":496,"severity_status":487},false,"low",0.03723,"critical",9.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[498,505,511,517],{"url":499,"sources":500,"tags":502},"https://github.com/rest-client/rest-client/issues/369",[501,495],"cve.org",[503,504],"X Refsource CONFIRM","Third Party Advisory",{"url":506,"sources":507,"tags":508},"http://www.securityfocus.com/bid/73295",[501,495],[509,510,504],"VDB Entry","X Refsource BID",{"url":512,"sources":513,"tags":514},"https://bugzilla.redhat.com/show_bug.cgi?id=1205291",[501,495],[503,515,516,504,509],"Issue Tracking","Patch",{"url":518,"sources":519,"tags":520},"http://www.openwall.com/lists/oss-security/2015/03/24/3",[501,495],[521,522,509],"Mailing List","X Refsource MLIST",[],{"date":525,"score":491,"percentile":526},"2026-06-04",0.88189,[528,531,534,537,540,543,545,547,550,553,556,559,562,565,567,570,573,576,579,582,584,586,589,591,593,595,598,600,603,606,608,611,614,617,620,623,626,629,632,635,638,640,643,645,648,651,654,657,660,662,665,668,671,673,676,679,682,685,688,691,694,697,699,701,703,706,709,711,714,716,718,720,723,725,728,731,734,737,739,742,745,748,751,754,757,760,763,766,768,770],{"date":529,"score":491,"percentile":530},"2025-11-04",0.87471,{"date":532,"score":491,"percentile":533},"2025-11-05",0.87473,{"date":535,"score":491,"percentile":536},"2025-11-06",0.87469,{"date":538,"score":491,"percentile":539},"2025-11-07",0.87476,{"date":541,"score":491,"percentile":542},"2025-11-08",0.87479,{"date":544,"score":491,"percentile":533},"2025-11-09",{"date":546,"score":491,"percentile":533},"2025-11-10",{"date":548,"score":491,"percentile":549},"2025-11-11",0.87478,{"date":551,"score":491,"percentile":552},"2025-11-12",0.87484,{"date":554,"score":491,"percentile":555},"2025-11-13",0.87489,{"date":557,"score":491,"percentile":558},"2025-11-14",0.87492,{"date":560,"score":491,"percentile":561},"2025-11-15",0.87488,{"date":563,"score":491,"percentile":564},"2025-11-16",0.87493,{"date":566,"score":491,"percentile":555},"2025-11-17",{"date":568,"score":491,"percentile":569},"2025-11-18",0.86811,{"date":571,"score":491,"percentile":572},"2025-11-19",0.86812,{"date":574,"score":491,"percentile":575},"2025-11-20",0.86814,{"date":577,"score":491,"percentile":578},"2025-11-21",0.87501,{"date":580,"score":491,"percentile":581},"2025-11-22",0.87496,{"date":583,"score":491,"percentile":558},"2025-11-23",{"date":585,"score":491,"percentile":564},"2025-11-24",{"date":587,"score":491,"percentile":588},"2025-11-25",0.87494,{"date":590,"score":491,"percentile":558},"2025-11-26",{"date":592,"score":491,"percentile":564},"2025-11-27",{"date":594,"score":491,"percentile":542},"2025-11-28",{"date":596,"score":491,"percentile":597},"2025-11-29",0.87553,{"date":599,"score":491,"percentile":597},"2025-11-30",{"date":601,"score":491,"percentile":602},"2025-12-01",0.87619,{"date":604,"score":491,"percentile":605},"2025-12-02",0.8762,{"date":607,"score":491,"percentile":605},"2025-12-03",{"date":609,"score":491,"percentile":610},"2025-12-04",0.87551,{"date":612,"score":491,"percentile":613},"2025-12-05",0.87555,{"date":615,"score":491,"percentile":616},"2025-12-06",0.87552,{"date":618,"score":491,"percentile":619},"2025-12-07",0.87549,{"date":621,"score":491,"percentile":622},"2025-12-08",0.8755,{"date":624,"score":491,"percentile":625},"2025-12-09",0.87563,{"date":627,"score":491,"percentile":628},"2025-12-10",0.87578,{"date":630,"score":491,"percentile":631},"2025-12-11",0.87585,{"date":633,"score":491,"percentile":634},"2025-12-12",0.8759,{"date":636,"score":491,"percentile":637},"2025-12-13",0.87589,{"date":639,"score":491,"percentile":631},"2025-12-14",{"date":641,"score":491,"percentile":642},"2025-12-15",0.87582,{"date":644,"score":491,"percentile":637},"2025-12-16",{"date":646,"score":491,"percentile":647},"2025-12-17",0.87594,{"date":649,"score":491,"percentile":650},"2025-12-18",0.87603,{"date":652,"score":491,"percentile":653},"2025-12-19",0.87606,{"date":655,"score":491,"percentile":656},"2025-12-20",0.87605,{"date":658,"score":491,"percentile":659},"2025-12-21",0.8761,{"date":661,"score":491,"percentile":659},"2025-12-22",{"date":663,"score":491,"percentile":664},"2025-12-23",0.87612,{"date":666,"score":491,"percentile":667},"2025-12-24",0.87618,{"date":669,"score":491,"percentile":670},"2025-12-25",0.8763,{"date":672,"score":491,"percentile":670},"2025-12-26",{"date":674,"score":491,"percentile":675},"2025-12-27",0.87667,{"date":677,"score":491,"percentile":678},"2025-12-28",0.87617,{"date":680,"score":491,"percentile":681},"2025-12-29",0.87611,{"date":683,"score":491,"percentile":684},"2025-12-30",0.87621,{"date":686,"score":491,"percentile":687},"2025-12-31",0.87632,{"date":689,"score":491,"percentile":690},"2026-01-01",0.87693,{"date":692,"score":491,"percentile":693},"2026-01-02",0.87688,{"date":695,"score":491,"percentile":696},"2026-01-03",0.87687,{"date":698,"score":491,"percentile":684},"2026-01-04",{"date":700,"score":491,"percentile":667},"2026-01-05",{"date":702,"score":491,"percentile":684},"2026-01-06",{"date":704,"score":491,"percentile":705},"2026-01-07",0.87622,{"date":707,"score":491,"percentile":708},"2026-01-08",0.87628,{"date":710,"score":491,"percentile":708},"2026-01-09",{"date":712,"score":491,"percentile":713},"2026-01-10",0.87629,{"date":715,"score":491,"percentile":705},"2026-01-11",{"date":717,"score":491,"percentile":605},"2026-01-12",{"date":719,"score":491,"percentile":667},"2026-01-13",{"date":721,"score":491,"percentile":722},"2026-01-14",0.87631,{"date":724,"score":491,"percentile":687},"2026-01-15",{"date":726,"score":491,"percentile":727},"2026-01-16",0.87637,{"date":729,"score":491,"percentile":730},"2026-01-17",0.87638,{"date":732,"score":491,"percentile":733},"2026-01-18",0.87641,{"date":735,"score":491,"percentile":736},"2026-01-19",0.87639,{"date":738,"score":491,"percentile":730},"2026-01-20",{"date":740,"score":491,"percentile":741},"2026-01-21",0.87642,{"date":743,"score":491,"percentile":744},"2026-01-22",0.87646,{"date":746,"score":491,"percentile":747},"2026-01-23",0.87659,{"date":749,"score":491,"percentile":750},"2026-01-24",0.87666,{"date":752,"score":491,"percentile":753},"2026-01-25",0.87662,{"date":755,"score":491,"percentile":756},"2026-01-26",0.87661,{"date":758,"score":491,"percentile":759},"2026-01-27",0.87663,{"date":761,"score":491,"percentile":762},"2026-01-28",0.87665,{"date":764,"score":491,"percentile":765},"2026-01-29",0.8767,{"date":767,"score":491,"percentile":765},"2026-01-30",{"date":769,"score":491,"percentile":750},"2026-01-31",{"date":771,"score":491,"percentile":772},"2026-02-01",0.87736,[774],{"source":495,"cvss_v2_0":775,"cvss_v3_0":780,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":776,"baseSeverity":9,"vectorString":777,"impactScore":778,"exploitabilityScore":779},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":493,"baseSeverity":781,"vectorString":496,"impactScore":493,"exploitabilityScore":779},"CRITICAL",[783],{"ecosystem":9,"name":784,"vendor":785,"product":784,"cpe_part":786,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":787},"rest-client","rest-client_project","a",[788],{"version":789,"is_range":790,"range_type":791,"version_start":9,"version_start_type":9,"version_end":792,"version_end_type":793,"fixed_in":9},"lte1.7.3",true,"cpe","1.7.3","including"]