httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: VulnCheck
Published: 2024-01-04T20:19:02.547Z
Updated: 2024-09-28T12:03:40.887Z
Reserved: 2024-01-04T18:44:53.108Z
Link: CVE-2024-22049
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-01-04T21:15:10.013
Modified: 2024-11-21T08:55:27.680
Link: CVE-2024-22049
Redhat
No data.