RubySec

Providing security resources for the Ruby community

CVE-2013-1801 (httparty): httparty Gem for Ruby Type Casting Parameter Parsing Remote Code Execution

ADVISORIES

GEM

httparty

SEVERITY

CVSS v2: 7.5

PATCHED VERSIONS

  • >= 0.10.0

DESCRIPTION

httparty Gem for Ruby contains a flaw that is triggered when a type casting error occurs during the parsing of parameters. This may allow a context-dependent attacker to potentially execute arbitrary code.