Tasha Drew

#17963 of 53,632
15 Total CVSS
Vulnerabilities · 2
High
2
PT-2013-3399
7.5
2013-04-09
Ruby · Crack Gem · CVE-2013-1800
**Name of the Vulnerable Software and Affected Versions** crack gem versions 0.3.1 and earlier

**Description** The issue is related to the improper restriction of casts of string values, which could allow remote attackers to conduct object-injection attacks, execute arbitrary code, or cause a denial of service by consuming memory and CPU. This is achieved by leveraging Action Pack support for YAML type conversion or Symbol type conversion.

**Recommendations** For crack gem versions 0.3.1 and earlier, update to a version later than 0.3.1 to resolve the issue.
PT-2013-3400
7.5
2013-04-09
Ruby · Httparty · CVE-2013-1801
**Name of the Vulnerable Software and Affected Versions** httparty gem version 0.9.0 and earlier

**Description** The issue is related to the improper restriction of casts of string values, which could allow remote attackers to conduct object-injection attacks. This might lead to the execution of arbitrary code or cause a denial of service due to memory and CPU consumption. The vulnerability is related to Action Pack support for YAML type conversion.

**Recommendations** For httparty gem version 0.9.0 and earlier, update to a version later than 0.9.0 to resolve the issue.