GHSA-g47j-3m2m-74qv – httparty

Package

Manager: gem
Name: httparty
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Duplicate Advisory: httparty has multipart/form-data request tampering vulnerability ### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5pq7-52mg-hr42. This link is maintained to preserve external references. ### Original Description httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.

Metadata

Created: 2024-01-04T21:30:24Z
Modified: 2025-02-13T19:30:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-g47j-3m2m-74qv/GHSA-g47j-3m2m-74qv.json
CWE IDs: ["CWE-472", "CWE-668"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0