John Nunemaker

3 exploits, active since Apr 2013
CVE-2013-1800
crack < 0.3.1 - Remote Code Execution via String Cast Injection
The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
CVE-2013-1801
httparty < 0.9.0 - Remote Code Execution via YAML Type Conversion
The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156.
CVE-2025-68696 HIGH
httparty < 0.24.0 - Server-Side Request Forgery
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.
CVSS 8.2