CVE-2024-22049 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
VulnCheck	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 68%

Vendor	Product	Version
john_nunemaker	httparty	𝑥 < 0.21.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

ruby-httparty

bullseye	vulnerable
bullseye (security)	0.18.1-2+deb11u1 fixed
sid	0.21.0-1 fixed
trixie	0.21.0-1 fixed
bookworm	0.21.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

ruby-httparty

plucky	not-affected
oracular	not-affected
noble	not-affected
mantic	not-affected
lunar	not-affected
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	ignored

Known Exploits!

Common Weakness Enumeration

CWE-472 - External Control of Assumed-Immutable Web Parameter
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.
CWE-668 - Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References

https://github.com/advisories/GHSA-5pq7-52mg-hr42

https://github.com/jnunemaker/httparty/blob/4416141d37fd71bdba4f37589ec265f55aa446ce/lib/httparty/request/body.rb#L43

https://github.com/jnunemaker/httparty/commit/cdb45a678c43e44570b4e73f84b1abeb5ec22b8e

https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42

https://lists.debian.org/debian-lts-announce/2024/01/msg00011.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4LDGAVPR4KB72V4GGQCWODEAI72QZI3V/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOWECZPJY6JZIA5FSBJR77KCRDXWDZDA/

https://vulncheck.com/advisories/vc-advisory-GHSA-5pq7-52mg-hr42

https://github.com/advisories/GHSA-5pq7-52mg-hr42

https://github.com/jnunemaker/httparty/blob/4416141d37fd71bdba4f37589ec265f55aa446ce/lib/httparty/request/body.rb#L43

https://github.com/jnunemaker/httparty/commit/cdb45a678c43e44570b4e73f84b1abeb5ec22b8e

https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42

https://lists.debian.org/debian-lts-announce/2024/01/msg00011.html

https://lists.debian.org/debian-lts-announce/2024/09/msg00043.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4LDGAVPR4KB72V4GGQCWODEAI72QZI3V/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOWECZPJY6JZIA5FSBJR77KCRDXWDZDA/

https://vulncheck.com/advisories/vc-advisory-GHSA-5pq7-52mg-hr42