CVE-2013-1801

Exploit

EPSS 2.99%
Veröffentlicht 09.04.2013 20:55:01
Zuletzt bearbeitet 07.01.2026 19:27:17
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jnunemaker ≫ Httparty Version <= 0.9.0

Jnunemaker ≫ Httparty Version0.1.0

Jnunemaker ≫ Httparty Version0.1.1

Jnunemaker ≫ Httparty Version0.1.2

Jnunemaker ≫ Httparty Version0.1.3

Jnunemaker ≫ Httparty Version0.1.5

Jnunemaker ≫ Httparty Version0.1.6

Jnunemaker ≫ Httparty Version0.1.7

Jnunemaker ≫ Httparty Version0.1.8

Jnunemaker ≫ Httparty Version0.2.0

Jnunemaker ≫ Httparty Version0.2.1

Jnunemaker ≫ Httparty Version0.2.2

Jnunemaker ≫ Httparty Version0.2.3

Jnunemaker ≫ Httparty Version0.2.4

Jnunemaker ≫ Httparty Version0.2.5

Jnunemaker ≫ Httparty Version0.2.6

Jnunemaker ≫ Httparty Version0.2.7

Jnunemaker ≫ Httparty Version0.2.8

Jnunemaker ≫ Httparty Version0.2.9

Jnunemaker ≫ Httparty Version0.2.10

Jnunemaker ≫ Httparty Version0.3.0

Jnunemaker ≫ Httparty Version0.3.1

Jnunemaker ≫ Httparty Version0.4.0

Jnunemaker ≫ Httparty Version0.4.1

Jnunemaker ≫ Httparty Version0.4.2

Jnunemaker ≫ Httparty Version0.4.3

Jnunemaker ≫ Httparty Version0.4.4

Jnunemaker ≫ Httparty Version0.4.5

Jnunemaker ≫ Httparty Version0.5.0

Jnunemaker ≫ Httparty Version0.5.1

Jnunemaker ≫ Httparty Version0.5.2

Jnunemaker ≫ Httparty Version0.6.0

Jnunemaker ≫ Httparty Version0.6.1

Jnunemaker ≫ Httparty Version0.7.0

Jnunemaker ≫ Httparty Version0.7.1

Jnunemaker ≫ Httparty Version0.7.2

Jnunemaker ≫ Httparty Version0.7.3

Jnunemaker ≫ Httparty Version0.7.4

Jnunemaker ≫ Httparty Version0.7.5

Jnunemaker ≫ Httparty Version0.7.6

Jnunemaker ≫ Httparty Version0.7.7

Jnunemaker ≫ Httparty Version0.7.8

Jnunemaker ≫ Httparty Version0.8.0

Jnunemaker ≫ Httparty Version0.8.1

Jnunemaker ≫ Httparty Version0.8.2

Jnunemaker ≫ Httparty Version0.8.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.99%	0.853

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately

http://www.securityfocus.com/bid/58260

https://bugzilla.redhat.com/show_bug.cgi?id=917229

https://github.com/jnunemaker/httparty/commit/53a812426dd32108d6cba4272b493aa03bc8c031

Patch

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2013-1801

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-1801

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-1801

EUVD