CVE-2024-22049: CWE-472 External Control of Assumed-Immutable Web Parameter
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.
AI Analysis
Technical Summary
CVE-2024-22049 is a medium-severity vulnerability affecting the httparty Ruby gem versions prior to 0.21.0. The vulnerability is categorized under CWE-472, which involves external control of an assumed-immutable web parameter. Specifically, the issue arises during multipart/form-data uploads where an attacker can supply a crafted 'filename' parameter. This parameter is assumed by the application to be immutable or safe, but due to insufficient validation or sanitization, the attacker can control the filename used when writing uploaded files to the server. The vulnerability is remotely exploitable without authentication or user interaction, as the attacker only needs to send a specially crafted HTTP request to trigger the flaw. The impact is limited to integrity, as the attacker can influence the filenames of uploaded files, potentially overwriting or creating files with attacker-controlled names. There is no direct impact on confidentiality or availability. The CVSS v3.1 score is 5.3 (medium), reflecting the ease of exploitation (network vector, no privileges required, no user interaction) but limited impact scope and severity. No known exploits are currently reported in the wild, and no official patches are linked in the provided data, but upgrading to httparty version 0.21.0 or later is implied as a mitigation. This vulnerability highlights the risk of trusting client-supplied parameters without proper validation, especially in file upload contexts where filename control can lead to unintended file writes or overwrites.
Potential Impact
For European organizations, the primary risk from CVE-2024-22049 lies in potential integrity violations of file storage systems where httparty is used for handling multipart uploads. Attackers could manipulate filenames to overwrite critical files or place malicious files in sensitive directories if the application does not implement additional safeguards. This could lead to further exploitation such as privilege escalation, persistent backdoors, or disruption of application logic. While the vulnerability does not directly compromise confidentiality or availability, the integrity impact could facilitate secondary attacks or data tampering. Organizations in sectors with strict data integrity and compliance requirements (e.g., finance, healthcare, government) may face regulatory or reputational consequences if exploited. The lack of authentication requirement increases the risk surface, especially for publicly accessible web services using vulnerable httparty versions. However, the absence of known exploits and the medium severity suggest that immediate widespread impact is limited but should not be ignored.
Mitigation Recommendations
European organizations should immediately audit their use of the httparty gem in their applications, particularly versions prior to 0.21.0. The primary mitigation is to upgrade httparty to version 0.21.0 or later where this vulnerability is addressed. Additionally, developers should implement strict validation and sanitization of all client-supplied parameters, especially filenames in file uploads, to prevent injection or overwriting attacks. Employing allowlists for acceptable filename characters and patterns, enforcing maximum filename lengths, and normalizing paths to prevent directory traversal are recommended. Applications should also isolate uploaded files in dedicated directories with restrictive permissions to limit the impact of malicious filenames. Monitoring file system changes and implementing anomaly detection for unusual file writes can provide early warning. Finally, organizations should review their incident response plans to include scenarios involving file integrity compromise via upload mechanisms.
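One way to implement the filename checks recommended above (character allowlist, length limit, path normalization into a dedicated directory), as an added Ruby example that is not httparty's code and not from the advisory. The limits, the extension list, the helper names and the /srv/uploads directory are assumptions.

```ruby
require "pathname"

# Constructed policy values (assumptions; tune per application).
MAX_FILENAME_LENGTH = 100
ALLOWED_EXTENSIONS  = %w[.png .jpg .pdf .txt].freeze
# \A and \z anchor the whole string; ^ and $ would let "ok.png\nevil" through.
SAFE_NAME = /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/

class UnsafeFilename < StandardError; end

# Validate a client-supplied multipart filename; reject rather than repair.
def vetted_basename(client_filename)
  name = client_filename.to_s
  raise UnsafeFilename, "invalid encoding" unless name.valid_encoding?
  raise UnsafeFilename, "control character" if name.match?(/[\x00-\x1f\x7f]/)
  raise UnsafeFilename, "too long" if name.length > MAX_FILENAME_LENGTH
  # The allowlist has no "/" or "\" and forbids a leading dot, so path
  # separators, "..", and dotfiles all fail here.
  raise UnsafeFilename, "disallowed characters" unless name.match?(SAFE_NAME)
  ext = File.extname(name).downcase
  raise UnsafeFilename, "extension not allowed" unless ALLOWED_EXTENSIONS.include?(ext)
  name
end

# Resolve the final path and confirm it sits directly inside upload_dir.
def upload_destination(upload_dir, client_filename)
  root = Pathname.new(upload_dir).expand_path
  dest = root.join(vetted_basename(client_filename)).cleanpath
  raise UnsafeFilename, "escapes upload directory" unless dest.dirname == root
  dest.to_s
end

# Map each submitted name to its destination or the reason it was refused.
def triage(names, upload_dir)
  names.map do |name|
    begin
      [name, upload_destination(upload_dir, name)]
    rescue UnsafeFilename => e
      [name, "rejected: #{e.message}"]
    end
  end.to_h
end

# Constructed sample filenames, as a multipart part might present them.
SAMPLES = ["report.pdf", "../../etc/cron.d/job", "a.png\r\nX-Injected: 1",
           "shell.php", ".htaccess", ("a" * 200) + ".txt"].freeze

triage(SAMPLES, "/srv/uploads").each { |name, verdict| puts "#{name.inspect} => #{verdict}" }
```

The rejection reasons returned by `triage` are also suitable as log fields for the file-write monitoring the paragraph mentions.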
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulnCheck
- Date Reserved: 2024-01-04T18:44:53.108Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 683f0dc2182aa0cae27ff43b
Added to database: 6/3/2025, 2:59:14 PM
Last enriched: 7/3/2025, 11:55:05 PM
Last updated: 8/15/2025, 12:59:31 AM