HTTParty does not restrict casts of string values

🗓️ 24 Oct 2017 18:37:33Reported by GoogleType

osv🔗 osv.dev👁 62 Views

HTTParty gem allows unrestricted casting of string values, leading to object-injection attacks, code execution, and denial of servic

Reporter	Title	Published	Views	Family All 176
NVD	CVE-2013-1801	9 Apr 201320:55	–	nvd
NVD	CVE-2013-0156	13 Jan 201322:55	–	nvd
NVD	CVE-2013-0333	30 Jan 201312:00	–	nvd
NVD	CVE-2013-1802	9 Apr 201320:55	–	nvd
NVD	CVE-2013-1800	9 Apr 201320:55	–	nvd
NVD	CVE-2013-0175	25 Apr 201323:55	–	nvd
NVD	CVE-2013-0285	9 Apr 201320:55	–	nvd
Prion	Type confusion	9 Apr 201320:55	–	prion
Prion	Type confusion	13 Jan 201322:55	–	prion
Prion	Type confusion	25 Apr 201323:55	–	prion

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2013-1801
github	www.github.com/jnunemaker/httparty/commit/53a812426dd32108d6cba4272b493aa03bc8c031
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
github	www.github.com/jnunemaker/httparty
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/httparty/CVE-2013-1801.yml
support	www.support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately
web	www.web.archive.org/web/20200229101716/http://www.securityfocus.com/bid/58260

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo