High severityNVD Advisory· Published Apr 9, 2013· Updated Jun 16, 2026
CVE-2013-1801
CVE-2013-1801
Description
The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
httpartyRubyGems | < 0.10.0 | 0.10.0 |
Affected products
47cpe:2.3:a:jnunemaker:httparty:*:*:*:*:*:*:*:*+ 45 more
- cpe:2.3:a:jnunemaker:httparty:*:*:*:*:*:*:*:*range: <=0.9.0
- cpe:2.3:a:jnunemaker:httparty:0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:jnunemaker:httparty:0.8.3:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
8- github.com/jnunemaker/httparty/commit/53a812426dd32108d6cba4272b493aa03bc8c031nvdExploitPatchWEB
- github.com/advisories/GHSA-mgx3-27hr-mfgpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-1801ghsaADVISORY
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/httparty/CVE-2013-1801.ymlghsaWEB
- support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediatelynvdWEB
- web.archive.org/web/20200229101716/http://www.securityfocus.com/bid/58260ghsaWEB
- www.securityfocus.com/bid/58260nvd
News mentions
0No linked articles in our index yet.