The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Httparty | John_nunemaker | * | 0.9.0 (including) |
| Httparty | John_nunemaker | 0.1.0 (including) | 0.1.0 (including) |
| Httparty | John_nunemaker | 0.1.1 (including) | 0.1.1 (including) |
| Httparty | John_nunemaker | 0.1.2 (including) | 0.1.2 (including) |
| Httparty | John_nunemaker | 0.1.3 (including) | 0.1.3 (including) |
| Httparty | John_nunemaker | 0.1.5 (including) | 0.1.5 (including) |
| Httparty | John_nunemaker | 0.1.6 (including) | 0.1.6 (including) |
| Httparty | John_nunemaker | 0.1.7 (including) | 0.1.7 (including) |
| Httparty | John_nunemaker | 0.1.8 (including) | 0.1.8 (including) |
| Httparty | John_nunemaker | 0.2.0 (including) | 0.2.0 (including) |
| Httparty | John_nunemaker | 0.2.1 (including) | 0.2.1 (including) |
| Httparty | John_nunemaker | 0.2.2 (including) | 0.2.2 (including) |
| Httparty | John_nunemaker | 0.2.3 (including) | 0.2.3 (including) |
| Httparty | John_nunemaker | 0.2.4 (including) | 0.2.4 (including) |
| Httparty | John_nunemaker | 0.2.5 (including) | 0.2.5 (including) |
| Httparty | John_nunemaker | 0.2.6 (including) | 0.2.6 (including) |
| Httparty | John_nunemaker | 0.2.7 (including) | 0.2.7 (including) |
| Httparty | John_nunemaker | 0.2.8 (including) | 0.2.8 (including) |
| Httparty | John_nunemaker | 0.2.9 (including) | 0.2.9 (including) |
| Httparty | John_nunemaker | 0.2.10 (including) | 0.2.10 (including) |
| Httparty | John_nunemaker | 0.3.0 (including) | 0.3.0 (including) |
| Httparty | John_nunemaker | 0.3.1 (including) | 0.3.1 (including) |
| Httparty | John_nunemaker | 0.4.0 (including) | 0.4.0 (including) |
| Httparty | John_nunemaker | 0.4.1 (including) | 0.4.1 (including) |
| Httparty | John_nunemaker | 0.4.2 (including) | 0.4.2 (including) |
| Httparty | John_nunemaker | 0.4.3 (including) | 0.4.3 (including) |
| Httparty | John_nunemaker | 0.4.4 (including) | 0.4.4 (including) |
| Httparty | John_nunemaker | 0.4.5 (including) | 0.4.5 (including) |
| Httparty | John_nunemaker | 0.5.0 (including) | 0.5.0 (including) |
| Httparty | John_nunemaker | 0.5.1 (including) | 0.5.1 (including) |
| Httparty | John_nunemaker | 0.5.2 (including) | 0.5.2 (including) |
| Httparty | John_nunemaker | 0.6.0 (including) | 0.6.0 (including) |
| Httparty | John_nunemaker | 0.6.1 (including) | 0.6.1 (including) |
| Httparty | John_nunemaker | 0.7.0 (including) | 0.7.0 (including) |
| Httparty | John_nunemaker | 0.7.1 (including) | 0.7.1 (including) |
| Httparty | John_nunemaker | 0.7.2 (including) | 0.7.2 (including) |
| Httparty | John_nunemaker | 0.7.3 (including) | 0.7.3 (including) |
| Httparty | John_nunemaker | 0.7.4 (including) | 0.7.4 (including) |
| Httparty | John_nunemaker | 0.7.5 (including) | 0.7.5 (including) |
| Httparty | John_nunemaker | 0.7.6 (including) | 0.7.6 (including) |
| Httparty | John_nunemaker | 0.7.7 (including) | 0.7.7 (including) |
| Httparty | John_nunemaker | 0.7.8 (including) | 0.7.8 (including) |
| Httparty | John_nunemaker | 0.8.0 (including) | 0.8.0 (including) |
| Httparty | John_nunemaker | 0.8.1 (including) | 0.8.1 (including) |
| Httparty | John_nunemaker | 0.8.2 (including) | 0.8.2 (including) |
| Httparty | John_nunemaker | 0.8.3 (including) | 0.8.3 (including) |