CVE-2013-1801

{"id": "CVE-2013-1801", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-04-09T20:55:01.960", "references": [{"url": "http://www.securityfocus.com/bid/58260", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917229", "source": "secalert@redhat.com"}, {"url": "https://github.com/jnunemaker/httparty/commit/53a812426dd32108d6cba4272b493aa03bc8c031", "tags": ["Exploit", "Patch"], "source": "secalert@redhat.com"}, {"url": "https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/58260", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917229", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/jnunemaker/httparty/commit/53a812426dd32108d6cba4272b493aa03bc8c031", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156."}, {"lang": "es", "value": "La gema httparty 0.9.0 y anteriores para Ruby no restringe adecuadamente las conversiones de los valores de cadena, lo que podr\u00eda permitir a atacantes remotos llevar a cabo ataques de inyecci\u00f3n de objetos y la ejecuci\u00f3n de c\u00f3digo arbitrario o provocar incluso una denegaci\u00f3n de servicio (consumo de memoria y CPU), aprovechando el soporte Action Pack para los conversores de tipo YALM . Vulnerabilidad similar a CVE-2013-0156."}], "lastModified": "2026-01-07T19:27:17.147", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jnunemaker:httparty:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ED5857F-9ABD-45AA-8C4B-2B269C6C1481", "versionEndIncluding": "0.9.0"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5A4B16E-13D0-4E9A-8C72-6A1081571865"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29711B3B-8476-4568-88F4-75ED5C0A7047"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44343172-7A9B-49BC-812D-0F43066D5591"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7A18013-FA26-4DDA-A89C-21EC3A1B72F4"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F03732EB-484D-4331-BEAA-EB77E7A71C48"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF35A697-E318-4A3B-8AE2-57735BFAA98C"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D554267-914B-4C99-B601-5E667296A643"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EDD40E9-7404-498C-81B6-B66867DFF1B4"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "689F81DE-0A25-4E88-9E3B-C43AEEE567E1"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F9521F0-11EE-4031-98BC-9E184670DF48"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55664D1C-3E21-4B80-85E5-E55144C0EAAD"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB08A3C1-FDF3-411E-A155-58AAC8EB3E3A"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B65C4F7-8BEF-4E10-9389-D1C857E96CA5"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18D8DA1C-74D9-4B73-B119-F5F80425C1FD"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABDB453F-6346-424C-A382-7ADBE65994B4"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6213EA1B-6C9C-4F40-A8D7-92C43752F563"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1C9B9E9-13C8-4B9E-9124-2F32F54D6915"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "026952C2-36DE-4591-835F-1324CEAA1C82"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA9AAB6C-7499-4C1B-A729-BC1DADA82B49"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14462D58-D4A2-4A66-BD52-716C32AF79F3"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E67E118F-BF27-460B-9371-CAB848266B59"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DE27474-24BD-4097-BB17-E66CA4E01496"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A205E25-6924-417D-A2BF-D2075FBFA595"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A970523F-713A-4D98-B97F-B49C0434BF21"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "230E2E2E-C3FF-41F8-B6E0-C4E024B13102"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCCA473E-7D3A-4BB2-8D5B-93CBDE4F801C"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93D8289A-8834-4952-9C93-29B8FB5F7830"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "467AAA79-E7F6-4CE6-841F-34810B37060A"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35A1132A-8C54-48B2-9D63-C7CAE705927A"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1093336-1197-42F1-8DD7-AA37D46636F6"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EF331F5-CD97-4303-8D60-191722CBAB24"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84DEC960-1853-4494-8028-44D2E18C5D61"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65CD93F2-A028-443F-BA81-1EB96BFB3635"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD0950F8-2B1C-4EC8-8C32-312AEEB215EA"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C14DF30-2592-4032-BD1A-21B10A0E939B"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BB05F5F-E22F-4AED-965E-9D632C7E65E5"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECA12B0D-8A70-443B-B005-8DD505F3AA52"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA83B2B5-DDCC-4C4C-BC8A-2726ACC87CA7"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B42A50E-B624-4D06-9F67-CCC47B0A6CDF"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.7.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DADEDB3F-6D9B-4450-B6A9-ACFEF29DE94C"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.7.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C40FB5C7-BDA6-4367-A24B-BBB3048F9E1F"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6264245A-8779-45B1-B9EE-2EC7A2CF91D9"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62AABC5D-CAC9-4C4B-A182-EB9E0FB112B2"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45765FAD-3D80-498B-8CA3-E483ECF15DC2"}, {"criteria": "cpe:2.3:a:jnunemaker:httparty:0.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E261B7B-47B7-4E8F-830E-28E232B7548A"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}