CVE-2025-68696

Published: Dec 23, 2025Modified: Apr 29, 2026

7.8

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: security-advisories@github.com (Secondary)

Description

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.

Affected (1)

Products: Jnunemaker: Httparty

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jnunemaker Httparty	Before 0.24.0

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (3)

https://github.com/jnunemaker/httparty/commit/0529bcd6309c9fd9bfdd50ae211843b10054c240

Source: security-advisories@github.com

Patch

https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4

Source: security-advisories@github.com

ExploitVendor Advisory

https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitVendor Advisory

Timeline

No history available yet.