10 matches found
[SECURITY] [DLA 3900-1] ruby-httparty security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3900-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 28, 2024 https://wiki.debian.org/LTS -...
Debian dla-3900 : ruby-httparty - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3900 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3900-1 [email protected] https://www.debian.org/lts/security/...
Fedora 40 : rubygem-httparty (2024-a1ce4ef332)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a1ce4ef332 advisory. Automatic update for rubygem-httparty-0.21.0-1.fc40. Changelog Fri Jan 5 2024 Vt Ondruch - 0.21.0-1 - Update to HTTParty 0.20.0. Resolves: rhbz17016...
[SECURITY] [DLA 3716-1] ruby-httparty security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3716-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 23, 2024 https://wiki.debian.org/LTS -...
Fedora: Security Advisory for rubygem-httparty (FEDORA-2024-a5aad4eede)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 39 : rubygem-httparty (2024-2648dd2e0e)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2648dd2e0e advisory. Fix CVE-2024-22049 httparty: multipart/form-data request vulnerable to tampering Tenable has extracted the preceding description block directly from...
Fedora 38 : rubygem-httparty (2024-a5aad4eede)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a5aad4eede advisory. Fix CVE-2024-22049 httparty: multipart/form-data request vulnerable to tampering Tenable has extracted the preceding description block directly from...
CVE-2024-22049
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written...
CVE-2024-22049
CVE-2024-22049 affects the Ruby library ruby-httparty (pre-0.21.0) and allows a remote, unauthenticated attacker to tamper multipart/form-data uploads by supplying a crafted filename parameter, resulting in attacker-controlled filenames being written. This is described as an assumed-immutable web...
CVE-2024-22049 httparty Multipart/Form-Data Request Tampering Vulnerability
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written...