httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| httparty(RubyGems) | 0 | 0.21.0 | N/A |
CVSS Metrics
