Arbitrary Code Execution Affecting httparty package, versions < 0.10.0


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
4.41% (91st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RUBY-HTTPARTY-20053
  • published13 Jan 2013
  • disclosed13 Jan 2013
  • creditUnknown

Introduced: 13 Jan 2013

CVE-2013-1801  (opens in a new tab)
CWE-94  (opens in a new tab)

Overview

httparty makes consuming restful web services easy. Affected versions of this gem contains a flaw that is triggered when a type casting error occurs during the parsing of parameters. This may allow a context-dependent attacker to potentially execute arbitrary code.

CVSS Base Scores

version 3.1