httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.
CVE-2024-22049 - Medium Severity Vulnerability
Makes http fun! Also, makes consuming restful web services dead easy.
Library home page: https://rubygems.org/gems/httparty-0.13.7.gem
Path to dependency file: /Test_2/fs-agent-master/fs-agent-master/src/test/resources/resolver/ruby/Gemfile.lock
Path to vulnerable library: /gems/2.3.0/cache/httparty-0.13.7.gem
Dependency Hierarchy: - :x: **httparty-0.13.7.gem** (Vulnerable Library)
Found in base branch: master
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.
Publish Date: 2024-01-04
URL: CVE-2024-22049
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-22049
Release Date: 2024-01-04
Fix Resolution: httparty - 0.21.0
Step up your Open Source Security Game with Mend here