Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-22049

Опубликовано: 04 янв. 2024
Источник: debian

Описание

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ruby-httpartyfixed0.21.0-1package

Примечания

  • https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42

  • https://github.com/jnunemaker/httparty/commit/cdb45a678c43e44570b4e73f84b1abeb5ec22b8e (v0.21.0)

Связанные уязвимости

ubuntu логотип

CVE-2024-22049

CVSS3: 5.3
ubuntu
около 2 лет назад

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.

nvd логотип

CVE-2024-22049

CVSS3: 5.3
nvd
около 2 лет назад

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.

github логотип

GHSA-5pq7-52mg-hr42

CVSS3: 6.5
github
около 3 лет назад

httparty has multipart/form-data request tampering vulnerability