7.5

CVE-2013-1801

Exploit
The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JnunemakerHttparty Version <= 0.9.0
JnunemakerHttparty Version0.1.0
JnunemakerHttparty Version0.1.1
JnunemakerHttparty Version0.1.2
JnunemakerHttparty Version0.1.3
JnunemakerHttparty Version0.1.5
JnunemakerHttparty Version0.1.6
JnunemakerHttparty Version0.1.7
JnunemakerHttparty Version0.1.8
JnunemakerHttparty Version0.2.0
JnunemakerHttparty Version0.2.1
JnunemakerHttparty Version0.2.2
JnunemakerHttparty Version0.2.3
JnunemakerHttparty Version0.2.4
JnunemakerHttparty Version0.2.5
JnunemakerHttparty Version0.2.6
JnunemakerHttparty Version0.2.7
JnunemakerHttparty Version0.2.8
JnunemakerHttparty Version0.2.9
JnunemakerHttparty Version0.2.10
JnunemakerHttparty Version0.3.0
JnunemakerHttparty Version0.3.1
JnunemakerHttparty Version0.4.0
JnunemakerHttparty Version0.4.1
JnunemakerHttparty Version0.4.2
JnunemakerHttparty Version0.4.3
JnunemakerHttparty Version0.4.4
JnunemakerHttparty Version0.4.5
JnunemakerHttparty Version0.5.0
JnunemakerHttparty Version0.5.1
JnunemakerHttparty Version0.5.2
JnunemakerHttparty Version0.6.0
JnunemakerHttparty Version0.6.1
JnunemakerHttparty Version0.7.0
JnunemakerHttparty Version0.7.1
JnunemakerHttparty Version0.7.2
JnunemakerHttparty Version0.7.3
JnunemakerHttparty Version0.7.4
JnunemakerHttparty Version0.7.5
JnunemakerHttparty Version0.7.6
JnunemakerHttparty Version0.7.7
JnunemakerHttparty Version0.7.8
JnunemakerHttparty Version0.8.0
JnunemakerHttparty Version0.8.1
JnunemakerHttparty Version0.8.2
JnunemakerHttparty Version0.8.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.41% 0.901
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately
http://www.securityfocus.com/bid/58260
https://bugzilla.redhat.com/show_bug.cgi?id=917229
https://github.com/jnunemaker/httparty/commit/53a812426dd32108d6cba4272b493aa03bc8c031
Patch
Exploit