Path to dependency file: /test/acceptance/workspaces/mono-repo-project/Gemfile.lock
Path to vulnerable library: /test/acceptance/workspaces/mono-repo-project/Gemfile.lock,/test/acceptance/workspaces/mono-repo-project-manifests-only/Gemfile.lock
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.
CVE-2024-22049 - Medium Severity Vulnerability
Makes http fun! Also, makes consuming restful web services dead easy.
Library home page: https://rubygems.org/gems/httparty-0.8.1.gem
Path to dependency file: /test/acceptance/workspaces/mono-repo-project/Gemfile.lock
Path to vulnerable library: /test/acceptance/workspaces/mono-repo-project/Gemfile.lock,/test/acceptance/workspaces/mono-repo-project-manifests-only/Gemfile.lock
Dependency Hierarchy: - :x: **httparty-0.8.1.gem** (Vulnerable Library)
Found in HEAD commit: 9505f4ca92405cc9273dc3726c2d274ce28a4407
Found in base branch: ALL_HANDS/major-secrets
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.
Publish Date: 2024-01-04
URL: CVE-2024-22049
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-22049
Release Date: 2024-01-04
Fix Resolution: httparty - 0.21.0
Step up your Open Source Security Game with Mend here