VYPR
High severityNVD Advisory· Published Apr 9, 2013· Updated Jun 16, 2026

CVE-2013-1801

CVE-2013-1801

Description

The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
httpartyRubyGems
< 0.10.00.10.0

Affected products

47
  • Jnunemaker/Httparty46 versions
    cpe:2.3:a:jnunemaker:httparty:*:*:*:*:*:*:*:*+ 45 more
    • cpe:2.3:a:jnunemaker:httparty:*:*:*:*:*:*:*:*range: <=0.9.0
    • cpe:2.3:a:jnunemaker:httparty:0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.2.9:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.7.8:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:jnunemaker:httparty:0.8.3:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 0.10.0

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.