CVE-2013-1801

Опубликовано: 09 апр. 2013

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:jnunemaker:httparty:*:*:*:*:*:*:*:*

Версия до 0.9.0 (включая)

cpe:2.3:a:jnunemaker:httparty:0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.1.1:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.1.2:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.1.3:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.1.5:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.1.6:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.1.7:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.1.8:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.2.1:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.2.2:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.2.3:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.2.4:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.2.5:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.2.6:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.2.7:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.2.8:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.2.9:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.2.10:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.3.1:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.4.0:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.4.1:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.4.2:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.4.3:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.4.4:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.4.5:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.5.1:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.5.2:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.6.0:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.6.1:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.7.0:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.7.1:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.7.2:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.7.3:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.7.4:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.7.5:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.7.6:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.7.7:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.7.8:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.8.0:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.8.1:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.8.2:*:*:*:*:*:*:*

cpe:2.3:a:jnunemaker:httparty:0.8.3:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.02991

Низкий

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-mgx3-27hr-mfgp

github

больше 8 лет назад

HTTParty does not restrict casts of string values