CVE-2024-22049
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD
Description
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.
Affected (5)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.0 | |
| Version 38 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 0.21.0 |
References (17)
Source: disclosure@vulncheck.com
ExploitThird Party Advisory
Source: disclosure@vulncheck.com
Exploit
Source: disclosure@vulncheck.com
Patch
Source: disclosure@vulncheck.com
ExploitPatchVendor Advisory
Source: disclosure@vulncheck.com
Mailing ListThird Party Advisory
Source: disclosure@vulncheck.com
Mailing List
Source: disclosure@vulncheck.com
Mailing List
Source: disclosure@vulncheck.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Timeline
No history available yet.