Description
When Ruby rest-client [1] processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration.
This is very similar to CVE-2015-2296, which affected python-requests.
http://www.openwall.com/lists/oss-security/2015/03/14/4
The issue could be similarly exploited in the following ways:
- If you are the redirection source (i.e. you can make rest-client hit your URL), you can make rest-client perform a request to any third-party domain with cookies of your choosing. This may be useful in performing a session fixation attack.
- If you are the redirection target (i.e. you can make a third-party site redirect to your URL), you can steal any cookies set by the third-party redirection.
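As an added example (not rest-client's own code, and not the patch that fixed this issue), the following Ruby models the scoping decision a client should make before carrying cookies from a redirect response over to the follow-up request: a cookie is only sent if its Domain and Path cover the redirect target, it has not expired, and a Secure cookie only travels over https. A cookie whose Domain attribute does not cover the host that set it is rejected outright, which is what closes the "redirection source plants cookies for a third party" case above; host-only and domain-scoped cookies that belong to the redirector are simply not sent to an unrelated target, which closes the "redirection target steals cookies" case. `cookies_forwarded_blindly` is a deliberately simplified stand-in for the behaviour the report describes, not a copy of rest-client's code. All function names and the sample headers are constructed for this illustration.

```ruby
require 'uri'
require 'time'

# Added example, not rest-client's own code: a minimal model of the scoping
# decision an HTTP client should make before attaching cookies from a
# redirect response to the follow-up request. Names are illustrative.
Cookie = Struct.new(:name, :value, :domain, :host_only, :path, :expires, :secure,
                    keyword_init: true)

# Default cookie path per RFC 6265 section 5.1.4.
def default_cookie_path(request_path)
  return '/' if request_path.nil? || !request_path.start_with?('/')
  idx = request_path.rindex('/')
  idx.zero? ? '/' : request_path[0...idx]
end

# Request host matches a cookie domain when equal to it or a subdomain of it.
# (No public-suffix list here; a real client should also reject Domain=TLD.)
def domain_matches?(host, domain)
  host == domain || host.end_with?('.' + domain)
end

# RFC 6265 section 5.1.4 path-match.
def path_matches?(request_path, cookie_path)
  request_path = '/' if request_path.nil? || request_path.empty?
  return true if request_path == cookie_path
  return false unless request_path.start_with?(cookie_path)
  cookie_path.end_with?('/') || request_path[cookie_path.length] == '/'
end

# Parse one Set-Cookie header received from source_url. Returns nil when the
# cookie must be rejected because its Domain attribute does not cover the
# host that set it (RFC 6265 section 5.3).
def parse_set_cookie(header, source_url, now: Time.now)
  src = URI(source_url)
  pairs = header.split(';').map(&:strip)
  first = pairs.shift
  return nil if first.nil?
  name, value = first.split('=', 2)
  return nil if name.nil? || name.empty?

  attrs = {}
  pairs.each do |p|
    k, v = p.split('=', 2)
    next if k.nil? || k.empty?
    attrs[k.downcase] = v
  end

  cookie = Cookie.new(name: name, value: value.to_s, domain: src.host.downcase,
                      host_only: true, path: default_cookie_path(src.path),
                      expires: nil, secure: attrs.key?('secure'))
  if attrs['domain']
    dom = attrs['domain'].sub(/\A\./, '').downcase
    return nil unless domain_matches?(src.host.downcase, dom)
    cookie.domain = dom
    cookie.host_only = false
  end
  cookie.path = attrs['path'] if attrs['path'].to_s.start_with?('/')
  # Max-Age takes precedence over Expires (RFC 6265 section 5.3).
  if attrs['max-age']
    cookie.expires = now + attrs['max-age'].to_i
  elsif attrs['expires']
    cookie.expires = (Time.parse(attrs['expires']) rescue nil)
  end
  cookie
end

# Should this cookie accompany a request to target (a URI)?
def cookie_applies?(cookie, target, now)
  host = target.host.to_s.downcase
  return false if cookie.expires && cookie.expires <= now
  return false if cookie.secure && target.scheme != 'https'
  in_domain = cookie.host_only ? host == cookie.domain : domain_matches?(host, cookie.domain)
  in_domain && path_matches?(target.path, cookie.path)
end

# Hardened behaviour: only cookies in scope for the redirect target are sent.
def cookies_for_redirect(set_cookie_headers, source_url, target_url, now: Time.now)
  target = URI(target_url)
  set_cookie_headers
    .map { |h| parse_set_cookie(h, source_url, now: now) }
    .compact
    .select { |c| cookie_applies?(c, target, now) }
    .map { |c| [c.name, c.value] }
    .to_h
end

# Simplified model (an assumption, not rest-client's code) of the behaviour the
# report describes: every name=value pair is forwarded, whatever the target.
def cookies_forwarded_blindly(set_cookie_headers)
  set_cookie_headers.map { |h| n, v = h.split(';', 2).first.strip.split('=', 2); [n, v.to_s] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a redirecting host sets cookies, one of them scoped to a third party.
  headers = ['session=abc123; Domain=redirector.example; Path=/',
             'planted=x; Domain=third-party.example',
             'hostonly=1',
             'stale=2; Domain=redirector.example; Max-Age=0']
  p cookies_forwarded_blindly(headers)
  p cookies_for_redirect(headers, 'https://redirector.example/start',
                         'https://third-party.example/login')
end
```

Run stand-alone, the blind model forwards all four cookies to `third-party.example`, while the scoped version sends none: the third-party cookie is rejected at parse time, the two redirector cookies are out of domain, and the Max-Age=0 cookie has expired. For a same-site redirect the scoped version still forwards cookies whose Path and Secure flag fit the target, so the fix does not break legitimate login flows that bounce within one origin.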
The behavior was introduced in rest-client 1.6.1 by this commit: 75ab0dc.
All subsequently released 1.6.x and 1.7.x versions are affected.
This issue is expected to be fixed in a forthcoming rest-client 1.8.0 release.
External links
Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=1205291
oss-sec: https://marc.info/?l=oss-security&m=142717222416509&w=2
Not yet active:
Mitre: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1820
NVD: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1820