CVE-2013-1801

by Fred · 09/04/2013

The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156.

Date published : 2013-04-09

http://www.securityfocus.com/bid/58260

https://github.com/jnunemaker/httparty/commit/53a812426dd32108d6cba4272b493aa03bc8c031

CVE-2013-1801

Similar

Recent Posts

Categories

CVE-2013-1801

Share this:

Similar

Recent Posts

Categories

Tags