Lucene search
+L

10 matches found

Debian
Debian
added 2024/09/28 10:5 a.m.14 views

[SECURITY] [DLA 3900-1] ruby-httparty security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3900-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 28, 2024 https://wiki.debian.org/LTS -...

5.3CVSS6.4AI score0.0129EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/09/28 12:0 a.m.14 views

Debian dla-3900 : ruby-httparty - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3900 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3900-1 [email protected] https://www.debian.org/lts/security/...

5.3CVSS5.6AI score0.0129EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.14 views

Fedora 40 : rubygem-httparty (2024-a1ce4ef332)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a1ce4ef332 advisory. Automatic update for rubygem-httparty-0.21.0-1.fc40. Changelog Fri Jan 5 2024 Vt Ondruch - 0.21.0-1 - Update to HTTParty 0.20.0. Resolves: rhbz17016...

5.3CVSS5.8AI score0.0129EPSS
Exploits1References2
Debian
Debian
added 2024/01/23 5:59 p.m.67 views

[SECURITY] [DLA 3716-1] ruby-httparty security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3716-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 23, 2024 https://wiki.debian.org/LTS -...

5.3CVSS5.1AI score0.0129EPSS
Exploits1
OpenVAS
OpenVAS
added 2024/01/18 12:0 a.m.17 views

Fedora: Security Advisory for rubygem-httparty (FEDORA-2024-a5aad4eede)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.4AI score0.0129EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/01/13 12:0 a.m.21 views

Fedora 39 : rubygem-httparty (2024-2648dd2e0e)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2648dd2e0e advisory. Fix CVE-2024-22049 httparty: multipart/form-data request vulnerable to tampering Tenable has extracted the preceding description block directly from...

5.3CVSS5.8AI score0.0129EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/01/13 12:0 a.m.17 views

Fedora 38 : rubygem-httparty (2024-a5aad4eede)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a5aad4eede advisory. Fix CVE-2024-22049 httparty: multipart/form-data request vulnerable to tampering Tenable has extracted the preceding description block directly from...

5.3CVSS5.8AI score0.0129EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2024/01/04 9:15 p.m.23 views

CVE-2024-22049

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written...

5.3CVSS6.1AI score0.0129EPSS
Exploits1References7
CVE
CVE
added 2024/01/04 8:19 p.m.79 views

CVE-2024-22049

CVE-2024-22049 affects the Ruby library ruby-httparty (pre-0.21.0) and allows a remote, unauthenticated attacker to tamper multipart/form-data uploads by supplying a crafted filename parameter, resulting in attacker-controlled filenames being written. This is described as an assumed-immutable web...

5.3CVSS5AI score0.0129EPSS
Exploits1References9Affected Software2
Cvelist
Cvelist
added 2024/01/04 8:19 p.m.44 views

CVE-2024-22049 httparty Multipart/Form-Data Request Tampering Vulnerability

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written...

5.4AI score0.0129EPSS
Exploits1References8
Rows per page
Query Builder