Arbitrary Code Execution Affecting httparty package, versions < 0.10.0

Snyk CVSS

Attack Complexity Low

Threat Intelligence

EPSS 3.11% (91^st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-RUBY-HTTPARTY-20053
published 13 Jan 2013
disclosed 13 Jan 2013
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 13 Jan 2013

CVE-2013-1801 Open this link in a new tab CWE-94 Open this link in a new tab

Overview

httparty makes consuming restful web services easy. Affected versions of this gem contains a flaw that is triggered when a type casting error occurs during the parsing of parameters. This may allow a context-dependent attacker to potentially execute arbitrary code.

References

http://rubysec.com/advisories/CVE-2013-1801