httparty Gem for Ruby Type Casting Parameter Parsing Remote Code Execution
Published: January 14, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-1801 (NVD)
- GHSA: GHSA-mgx3-27hr-mfgp
- OSVDB: OSVDB-90741
GEM
SEVERITY
CVSS v2.0: 7.5 (High)
PATCHED VERSIONS
>= 0.10.0
DESCRIPTION
httparty Gem for Ruby contains a flaw that is triggered when a type casting error occurs during the parsing of parameters. This may allow a context-dependent attacker to potentially execute arbitrary code.