httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: VulnCheck
Published: 2024-01-04T20:19:02.547Z
Updated: 2024-01-04T20:19:02.547Z
Reserved: 2024-01-04T18:44:53.108Z
Link: CVE-2024-22049
JSON object: View
NVD Information
Status : Modified
Published: 2024-01-04T21:15:10.013
Modified: 2024-01-23T19:15:08.283
Link: CVE-2024-22049
JSON object: View
Redhat Information
No data.