The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Httparty | John_nunemaker | 0.7.3 | 0.7.3 |
Httparty | John_nunemaker | 0.8.0 | 0.8.0 |
Httparty | John_nunemaker | * | 0.9.0 |
Httparty | John_nunemaker | 0.6.1 | 0.6.1 |
Httparty | John_nunemaker | 0.2.2 | 0.2.2 |
Httparty | John_nunemaker | 0.7.7 | 0.7.7 |
Httparty | John_nunemaker | 0.5.0 | 0.5.0 |
Httparty | John_nunemaker | 0.3.1 | 0.3.1 |
Httparty | John_nunemaker | 0.1.8 | 0.1.8 |
Httparty | John_nunemaker | 0.6.0 | 0.6.0 |
Httparty | John_nunemaker | 0.7.1 | 0.7.1 |
Httparty | John_nunemaker | 0.2.8 | 0.2.8 |
Httparty | John_nunemaker | 0.7.4 | 0.7.4 |
Httparty | John_nunemaker | 0.4.5 | 0.4.5 |
Httparty | John_nunemaker | 0.4.2 | 0.4.2 |
Httparty | John_nunemaker | 0.7.8 | 0.7.8 |
Httparty | John_nunemaker | 0.1.2 | 0.1.2 |
Httparty | John_nunemaker | 0.1.3 | 0.1.3 |
Httparty | John_nunemaker | 0.2.7 | 0.2.7 |
Httparty | John_nunemaker | 0.1.1 | 0.1.1 |
Httparty | John_nunemaker | 0.2.0 | 0.2.0 |
Httparty | John_nunemaker | 0.7.0 | 0.7.0 |
Httparty | John_nunemaker | 0.5.2 | 0.5.2 |
Httparty | John_nunemaker | 0.4.0 | 0.4.0 |
Httparty | John_nunemaker | 0.2.9 | 0.2.9 |
Httparty | John_nunemaker | 0.7.5 | 0.7.5 |
Httparty | John_nunemaker | 0.1.0 | 0.1.0 |
Httparty | John_nunemaker | 0.2.5 | 0.2.5 |
Httparty | John_nunemaker | 0.2.1 | 0.2.1 |
Httparty | John_nunemaker | 0.2.4 | 0.2.4 |
Httparty | John_nunemaker | 0.4.1 | 0.4.1 |
Httparty | John_nunemaker | 0.2.3 | 0.2.3 |
Httparty | John_nunemaker | 0.8.3 | 0.8.3 |
Httparty | John_nunemaker | 0.1.5 | 0.1.5 |
Httparty | John_nunemaker | 0.4.4 | 0.4.4 |
Httparty | John_nunemaker | 0.8.2 | 0.8.2 |
Httparty | John_nunemaker | 0.7.2 | 0.7.2 |
Httparty | John_nunemaker | 0.7.6 | 0.7.6 |
Httparty | John_nunemaker | 0.1.7 | 0.1.7 |
Httparty | John_nunemaker | 0.2.6 | 0.2.6 |
Httparty | John_nunemaker | 0.4.3 | 0.4.3 |
Httparty | John_nunemaker | 0.8.1 | 0.8.1 |
Httparty | John_nunemaker | 0.1.6 | 0.1.6 |
Httparty | John_nunemaker | 0.2.10 | 0.2.10 |
Httparty | John_nunemaker | 0.5.1 | 0.5.1 |
Httparty | John_nunemaker | 0.3.0 | 0.3.0 |