EUVD-2023-0342

Malicious code in bioql PyPI...

GHSA-G47J-3M2M-74QV Duplicate Advisory: httparty has multipart/form-data request tampering vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5pq7-52mg-hr42. This link is maintained to preserve external references. Original Description httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticate...

CVE-2024-22049

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written...

CVE-2024-22049 httparty Multipart/Form-Data Request Tampering Vulnerability

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written...

External Control of Assumed-Immutable Web Parameter

Overview Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter due to improper escape of the " character in the generatemultipart function, which allows injecting malicious content to the filename parameter via the Content-Disposition header. PoC...

PT-2023-32945 · Httparty +3 · Httparty +3

Name of the Vulnerable Software and Affected Versions: httparty versions prior to 0.21.0 Description: A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads, which could result in attacker-controlled filenames being written. This issue is...