Description
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.
References (2)
Core 2
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4
Scores
CVSS v3
8.2
EPSS
0.0007
EPSS Percentile
22.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (2)
jnunemaker/httparty
< 0.24.0
rubygems/httparty
0 - 0.24.0RubyGems
Published
Dec 23, 2025
Tracked Since
Feb 18, 2026