CVE-2024-22049

Summary

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.

Affected Software

VendorProductVersion RangeStatus
0 <= 0.20.0affected

Weaknesses

  • CWE-472: CWE-472 External Control of Assumed-Immutable Web Parameter

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References