{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2013-04-09T20:00:00Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jnunemaker/httparty/commit/53a812426dd32108d6cba4272b493aa03bc8c031"}, {"tags": ["x_refsource_MISC"], "url": "https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917229"}, {"name": "58260", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/58260"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:13:32.978Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/jnunemaker/httparty/commit/53a812426dd32108d6cba4272b493aa03bc8c031"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917229"}, {"name": "58260", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/58260"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1801", "state": "PUBLISHED", "dateReserved": "2013-02-19T00:00:00Z", "datePublished": "2013-04-09T20:00:00Z", "dateUpdated": "2024-08-06T15:13:32.978Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:john_nunemaker:httparty:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7AF77B3-AFA1-482E-970C-A18CA17AFA04", "versionEndIncluding": "0.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "320429F1-6058-481A-91FA-229EA72541C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "892C247D-82BC-460B-8B22-DA28E7EE94D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4D4C189F-BB30-489E-83D6-174B2E56933B", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4985DEFE-D57D-4240-803D-1925B8A3B28D", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "53FCC484-454E-4092-AA45-41713302C874", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "BAB48BB8-683E-4A28-BCDB-200D66DD6135", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "DADF06F7-9CED-4B50-B3F4-192EA8B09673", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "32E81542-5CCB-49C5-AEC1-6FE34F1D189D", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7CA86AC3-A044-4D33-9AAA-4D3BCEB3D640", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2C36EB25-0BD6-4AFF-80D8-595938CBDE59", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0E4E90DE-6D28-4D7F-95AA-A1829F6DAE3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E7EBA09B-9667-4A69-90DC-A0C00A67B97C", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "1B6FABA0-145D-4F0F-9CB7-07BFFFE331EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "F10CE4A6-65F3-4AAD-B186-A13FE4E2717D", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "5D247CCE-6628-4018-9F65-A09CAFF12B35", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "5C44A2D3-AE53-4E26-8881-EBD36636F9AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "79959AF0-5A72-4B9A-9B1F-3BA4D1BA41A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "085FA28C-F7A7-46FC-934C-D4A4C35FF257", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "A8620D5B-0AB1-4BF8-89E5-9E81B8688B2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE27DD5F-1726-470F-B618-2BE880B175A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30C2C76-1360-47F0-A136-C024FAD63915", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "94F901F7-3589-4607-824F-4BACCDF150B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E4016FBD-0BA2-48F5-9F67-4978A82F855F", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "C9B9244D-B840-408C-8517-223CAD71AD45", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A9F61BA4-3916-480B-A5E6-0AF3E07E805B", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "7C0E9145-FE79-4A5B-82AF-04BB36167977", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "84D7769A-41C8-46D0-B502-B1740DCF1E06", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B0FCA76-DB62-443A-851D-CDAF5F2A877B", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6153BC0E-4F33-4708-8DAB-84E330FC5D4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "E6C015D8-EEAC-48D0-B4A1-AC98BB44408B", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "40850AE1-5320-4B09-A5D4-6F393FA87B3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBEAB380-095A-49AB-80D0-F1A71C0F5BC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE64350B-FE1E-43BF-AFA7-136D61243966", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E29674A-11AB-46B2-A67D-50AE296C91EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "C237B5D0-3156-4A30-B224-ACBD60B8FAB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "33762DC0-6E68-44BB-AAC1-33246A383B22", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E1F3330-4F2A-4134-8D0E-BEE3D91D7397", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "611780A3-7F88-406F-BBFB-38900773E0DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "F05FFFDC-1C20-46EA-BA63-0D002901B0BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "E0E5D68F-15A0-485D-98A1-1B2C178B2DCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "9B5F1C43-95C2-414F-833C-A9B611A0CF09", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4F5456C9-EBD7-483A-8271-207FCD7B509B", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2D1D4C0-4908-4C6F-96D5-B2B982075121", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "71FD7E41-F1B6-4C42-BF19-F3DAF61D9285", "vulnerable": true}, {"criteria": "cpe:2.3:a:john_nunemaker:httparty:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "FDE3D1AC-C201-4332-A8C7-EB27C8C3C2F3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156."}, {"lang": "es", "value": "La gema httparty 0.9.0 y anteriores para Ruby no restringe adecuadamente las conversiones de los valores de cadena, lo que podr\u00eda permitir a atacantes remotos llevar a cabo ataques de inyecci\u00f3n de objetos y la ejecuci\u00f3n de c\u00f3digo arbitrario o provocar incluso una denegaci\u00f3n de servicio (consumo de memoria y CPU), aprovechando el soporte Action Pack para los conversores de tipo YALM . Vulnerabilidad similar a CVE-2013-0156."}], "id": "CVE-2013-1801", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-04-09T20:55:01.960", "references": [{"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/58260"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917229"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://github.com/jnunemaker/httparty/commit/53a812426dd32108d6cba4272b493aa03bc8c031"}, {"source": "secalert@redhat.com", "url": "https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/58260"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917229"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/jnunemaker/httparty/commit/53a812426dd32108d6cba4272b493aa03bc8c031"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}