CVE-2013-1801

EUVD-2017-0272
The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
jnunemakerhttparty
𝑥
≤ 0.9.0
jnunemakerhttparty
0.1.0
jnunemakerhttparty
0.1.1
jnunemakerhttparty
0.1.2
jnunemakerhttparty
0.1.3
jnunemakerhttparty
0.1.5
jnunemakerhttparty
0.1.6
jnunemakerhttparty
0.1.7
jnunemakerhttparty
0.1.8
jnunemakerhttparty
0.2.0
jnunemakerhttparty
0.2.1
jnunemakerhttparty
0.2.2
jnunemakerhttparty
0.2.3
jnunemakerhttparty
0.2.4
jnunemakerhttparty
0.2.5
jnunemakerhttparty
0.2.6
jnunemakerhttparty
0.2.7
jnunemakerhttparty
0.2.8
jnunemakerhttparty
0.2.9
jnunemakerhttparty
0.2.10
jnunemakerhttparty
0.3.0
jnunemakerhttparty
0.3.1
jnunemakerhttparty
0.4.0
jnunemakerhttparty
0.4.1
jnunemakerhttparty
0.4.2
jnunemakerhttparty
0.4.3
jnunemakerhttparty
0.4.4
jnunemakerhttparty
0.4.5
jnunemakerhttparty
0.5.0
jnunemakerhttparty
0.5.1
jnunemakerhttparty
0.5.2
jnunemakerhttparty
0.6.0
jnunemakerhttparty
0.6.1
jnunemakerhttparty
0.7.0
jnunemakerhttparty
0.7.1
jnunemakerhttparty
0.7.2
jnunemakerhttparty
0.7.3
jnunemakerhttparty
0.7.4
jnunemakerhttparty
0.7.5
jnunemakerhttparty
0.7.6
jnunemakerhttparty
0.7.7
jnunemakerhttparty
0.7.8
jnunemakerhttparty
0.8.0
jnunemakerhttparty
0.8.1
jnunemakerhttparty
0.8.2
jnunemakerhttparty
0.8.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/58260
https://bugzilla.redhat.com/show_bug.cgi?id=917229
https://github.com/jnunemaker/httparty/commit/53a812426dd32108d6cba4272b493aa03bc8c031
https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately
http://www.securityfocus.com/bid/58260
https://bugzilla.redhat.com/show_bug.cgi?id=917229
https://github.com/jnunemaker/httparty/commit/53a812426dd32108d6cba4272b493aa03bc8c031
https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately