Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ruby httparty Gem XML Parameter Parsing Vulnerability
Vulnerability Description
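Ruby HTTParty is a simple HTTP/REST client library for Ruby. The Ruby httparty gem 0.9.0 and earlier versions do not properly restrict type conversion of string values. This allows attackers to conduct injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU exhaustion), by leveraging Action Pack support for YAML type conversion or Symbol conversion.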
CVSS Information
N/A
Vulnerability Type
N/A