64 matches found
Code injection
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written...
CVE-2024-22049
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written...
UBUNTU-CVE-2024-22049
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written...
CVE-2024-22049
CVE-2024-22049 affects the Ruby library ruby-httparty (pre-0.21.0) and allows a remote, unauthenticated attacker to tamper multipart/form-data uploads by supplying a crafted filename parameter, resulting in attacker-controlled filenames being written. This is described as an assumed-immutable web...
CVE-2024-22049 httparty Multipart/Form-Data Request Tampering Vulnerability
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written...
CVE-2024-22049 httparty Multipart/Form-Data Request Tampering Vulnerability
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written...
CVE-2024-22049 httparty Multipart/Form-Data Request Tampering Vulnerability
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written...
CVE-2024-22049
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written...
httparty Security Vulnerabilities
httparty is a library by the individual developer John Nunemaker. A security vulnerability exists in httparty versions prior to 0.21.0, which stems from a lack of escaping of the Content-Disposition filename in httparty, leading to request tampering...
Request Tampering
httparty is vulnerable to Request Tampering. A remote attacker is able to rewrite the name field according to the crafted file name, impersonating another field and rewrite the filename extension at the time multipart/form-data is generated by tampering with the filename due to the lack of escapi...
External Control of Assumed-Immutable Web Parameter
Overview Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter due to improper escape of the " character in the generatemultipart function, which allows injecting malicious content to the filename parameter via the Content-Disposition header. PoC...
GHSA-5PQ7-52MG-HR42 httparty has multipart/form-data request tampering vulnerability
Impact I found "multipart/form-data request tampering vulnerability" caused by Content-Disposition "filename" lack of escaping in httparty. httparty/lib/httparty/request body.rb def generatemultipart...
httparty has multipart/form-data request tampering vulnerability
Impact I found "multipart/form-data request tampering vulnerability" caused by Content-Disposition "filename" lack of escaping in httparty. httparty/lib/httparty/request body.rb def generatemultipart...
PT-2023-32945 · Httparty +3 · Httparty +3
Name of the Vulnerable Software and Affected Versions: httparty versions prior to 0.21.0 Description: A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads, which could result in attacker-controlled filenames being written. This issue is...
httparty has multipart/form-data request tampering vulnerability
HTTP multipart/form-data request tampering vulnerability in httparty 0.20.0, due to lack of proper escaping of double quotes within the filename attribute of the Content-Disposition header. If the Content-Disposition header is set to "form-data" and contains the "filename" attribute, and the...
Exploit for Path Traversal in Grafana
CVE-2021-43798 !Alt texthttps://github.com/z3n70/CVE-...
GHSA-MGX3-27HR-MFGP HTTParty does not restrict casts of string values
The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for YAML type...
HTTParty does not restrict casts of string values
The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for YAML type...
CVE-2013-1801
The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for YAML type...
Type confusion
The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for YAML type...