Количество 2
Количество 2
CVE-2013-1801
The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156.
GHSA-mgx3-27hr-mfgp
HTTParty does not restrict casts of string values
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2013-1801 The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156. | CVSS2: 7.5 | 3% Низкий | почти 13 лет назад |
| GHSA-mgx3-27hr-mfgp HTTParty does not restrict casts of string values | 3% Низкий | больше 8 лет назад |
Уязвимостей на страницу