Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Httparty
(John_nunemaker)| Repositories | https://github.com/jnunemaker/httparty |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-04 | CVE-2024-22049 | httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written. | Httparty | 5.3 | ||
| 2013-04-09 | CVE-2013-1801 | The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156. | Httparty | N/A |