RubySec

Providing security resources for the Ruby community

CVE-2013-1801 (httparty): httparty Gem for Ruby Type Casting Parameter Parsing Remote Code Execution

ADVISORIES

GEM

httparty

SEVERITY

CVSS v2.0: 7.5 (High)

PATCHED VERSIONS

  • >= 0.10.0

DESCRIPTION

httparty Gem for Ruby contains a flaw that is triggered when a type casting error occurs during the parsing of parameters. This may allow a context-dependent attacker to potentially execute arbitrary code.