CVE-2024-22049.yml
---
gem: httparty
cve: 2024-22049
ghsa: 5pq7-52mg-hr42
url: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42
title: httparty has multipart/form-data request tampering vulnerability
date: 2023-01-03
description: |
  HTTP multipart/form-data request tampering vulnerability in httparty < 0.20.0,
  due to lack of proper escaping of double quotes within the filename attribute
  of the Content-Disposition header. If the Content-Disposition header is set to
  "form-data" and contains the "filename" attribute, and the "filename"
  attribute contains a double quote followed by additional attributes, then
  those attributes will be parsed as Content-Disposition attributes and will
  override the Content-Disposition header's previous attributes.

  Content-Disposition: form-data; name="avatar"; filename="overwrite_name_field_and_extension.sh"; name="foo"; dummy=".txt"
cvss_v3: 6.5
patched_versions:
  - ">= 0.21.0"
related:
  url:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-22049
    - https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42
    - https://github.com/jnunemaker/httparty/commit/cdb45a678c43e44570b4e73f84b1abeb5ec22b8e
    - https://github.com/jnunemaker/httparty/blob/4416141d37fd71bdba4f37589ec265f55aa446ce/lib/httparty/request/body.rb#L43
    - https://github.com/advisories/GHSA-5pq7-52mg-hr42
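An added example, not httparty's own code, showing why the unescaped quote matters: a naive header builder in the style the advisory describes, a hardened builder that escapes quotes and backslashes (an assumed mitigation, not the project's actual patch), and a small last-attribute-wins parser run over both outputs so the override is visible.

```ruby
# Naive header construction in the style the advisory describes: the filename
# is interpolated straight into the quoted-string, so a '"' in it terminates
# the value and anything after it is read as further attributes.
def content_disposition_unescaped(name, filename)
  %(Content-Disposition: form-data; name="#{name}"; filename="#{filename}")
end

# Hardened variant (assumed escaping, not httparty's patch): backslash-escape
# backslashes and double quotes (RFC 7230 quoted-pair) so the value cannot
# close the quoted-string, and drop CR/LF so it cannot end the header line.
def escape_quoted(value)
  value.to_s.delete("\r\n").gsub('\\') { '\\\\' }.gsub('"') { '\\"' }
end

def content_disposition_escaped(name, filename)
  %(Content-Disposition: form-data; name="#{escape_quoted(name)}"; filename="#{escape_quoted(filename)}")
end

# Minimal, permissive parser modelled on the "last attribute wins" behaviour
# the advisory describes. Quoted values honour backslash escapes.
# Returns [disposition, { attribute => value }].
def parse_content_disposition(header)
  value = header.sub(/\AContent-Disposition:\s*/i, '')
  disposition = value[/\A[^;]*/].strip
  attrs = {}
  value.scan(/;\s*([^=;\s]+)=(?:"((?:\\.|[^"\\])*)"|([^;]*))/) do |key, quoted, token|
    attrs[key] = quoted ? quoted.gsub(/\\(.)/, '\1') : token.to_s.strip
  end
  [disposition, attrs]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed filename carrying the payload shape shown in the advisory.
  hostile = 'overwrite_name_field_and_extension.sh"; name="foo"; dummy=".txt'
  [content_disposition_unescaped('avatar', hostile),
   content_disposition_escaped('avatar', hostile)].each do |header|
    disposition, attrs = parse_content_disposition(header)
    puts header
    puts "  -> #{disposition} name=#{attrs['name'].inspect} filename=#{attrs['filename'].inspect}"
  end
end
```

Receivers differ in whether they honour backslash escapes inside quoted-strings; percent-encoding the quote as %22 is the other common convention, so check what the server on the receiving end accepts before relying on either.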