Motoyasu-Saburi

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The `filename` parameter of the `Context.FileAttachment` function is not properly sanitized. A maliciously crafted `filename` can cause the `Content-Disposition` header to be sent with an unexpected `filename` value or otherwise modify the `Content-Disposition` header. For example, a `filename` of "setup.bat;x=.txt" will be sent as a file named "setup.bat". If the `FileAttachment` function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the `Content-Disposition` header. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** httparty versions prior to 0.21.0 **Description** A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads, which could result in attacker-controlled filenames being written. This issue is caused by the lack of escaping of the `"` (Double-Quote) character in Content-Disposition > filename. The vulnerability can be exploited to rewrite the "name" field and filename extension, potentially leading to successful or unsuccessful attacks depending on the behavior of the parser receiving the request. The issue has been confirmed to affect frameworks such as Spring, Ktor, and Ruby on Rails. **Recommendations** To resolve the issue, update httparty to version 0.21.0 or later. As a temporary workaround, consider modifying the Content-Disposition header to properly escape the `"` (Double-Quote) character in filenames, for example, by replacing `"` with `%22`. Additionally, URL encoding of `r` and ` ` characters in filenames can provide extra safety.

**Name of the Vulnerable Software and Affected Versions** Sinatra versions 2.0 through 2.2.2 Sinatra versions 3.0 through 3.0.3 **Description** The issue is related to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. This allows an attacker to execute arbitrary code. The vulnerability is associated with the loading of code without checking its integrity. **Recommendations** For Sinatra versions 2.0 through 2.2.2, update to version 2.2.3 to resolve the issue. For Sinatra versions 3.0 through 3.0.3, update to version 3.0.4 to resolve the issue. As a temporary workaround, consider restricting the use of user-supplied input in the filename to minimize the risk of exploitation.