Skip to main content

CVE-2024-22049: CWE-472 External Control of Assumed-Immutable Web Parameter

Medium
VulnerabilityCVE-2024-22049cvecve-2024-22049cwe-472
Published: Thu Jan 04 2024 (01/04/2024, 20:19:02 UTC)
Source: CVE Database V5

Description

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.

AI-Powered Analysis

AILast updated: 07/03/2025, 23:55:05 UTC

Technical Analysis

CVE-2024-22049 is a medium-severity vulnerability affecting the httparty Ruby gem versions prior to 0.21.0. The vulnerability is categorized under CWE-472, which involves external control of an assumed-immutable web parameter. Specifically, the issue arises during multipart/form-data uploads where an attacker can supply a crafted 'filename' parameter. This parameter is assumed by the application to be immutable or safe, but due to insufficient validation or sanitization, the attacker can control the filename used when writing uploaded files to the server. The vulnerability is remotely exploitable without authentication or user interaction, as the attacker only needs to send a specially crafted HTTP request to trigger the flaw. The impact is limited to integrity, as the attacker can influence the filenames of uploaded files, potentially overwriting or creating files with attacker-controlled names. There is no direct impact on confidentiality or availability. The CVSS v3.1 score is 5.3 (medium), reflecting the ease of exploitation (network vector, no privileges required, no user interaction) but limited impact scope and severity. No known exploits are currently reported in the wild, and no official patches are linked in the provided data, but upgrading to httparty version 0.21.0 or later is implied as a mitigation. This vulnerability highlights the risk of trusting client-supplied parameters without proper validation, especially in file upload contexts where filename control can lead to unintended file writes or overwrites.

Potential Impact

For European organizations, the primary risk from CVE-2024-22049 lies in potential integrity violations of file storage systems where httparty is used for handling multipart uploads. Attackers could manipulate filenames to overwrite critical files or place malicious files in sensitive directories if the application does not implement additional safeguards. This could lead to further exploitation such as privilege escalation, persistent backdoors, or disruption of application logic. While the vulnerability does not directly compromise confidentiality or availability, the integrity impact could facilitate secondary attacks or data tampering. Organizations in sectors with strict data integrity and compliance requirements (e.g., finance, healthcare, government) may face regulatory or reputational consequences if exploited. The lack of authentication requirement increases the risk surface, especially for publicly accessible web services using vulnerable httparty versions. However, the absence of known exploits and the medium severity suggest that immediate widespread impact is limited but should not be ignored.

Mitigation Recommendations

European organizations should immediately audit their use of the httparty gem in their applications, particularly versions prior to 0.21.0. The primary mitigation is to upgrade httparty to version 0.21.0 or later where this vulnerability is addressed. Additionally, developers should implement strict validation and sanitization of all client-supplied parameters, especially filenames in file uploads, to prevent injection or overwriting attacks. Employing allowlists for acceptable filename characters and patterns, enforcing maximum filename lengths, and normalizing paths to prevent directory traversal are recommended. Applications should also isolate uploaded files in dedicated directories with restrictive permissions to limit the impact of malicious filenames. Monitoring file system changes and implementing anomaly detection for unusual file writes can provide early warning. Finally, organizations should review their incident response plans to include scenarios involving file integrity compromise via upload mechanisms.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
VulnCheck
Date Reserved
2024-01-04T18:44:53.108Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 683f0dc2182aa0cae27ff43b

Added to database: 6/3/2025, 2:59:14 PM

Last enriched: 7/3/2025, 11:55:05 PM

Last updated: 8/15/2025, 12:59:31 AM

Views: 11

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats