Httparty

httparty

Vendor: Jnunemaker • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-68696 1Jnunemaker 1Httparty Apr 29, 2026 Dec 23, 2025 7.8 HIGH· v4 8.2 HIGH· v3 N/A· v2 httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue...Show more httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.Show less
CVE-2024-22049 3Debian FedoraprojectJnunemaker 3Debian Linux FedoraHttparty Jan 7, 2026 Jan 4, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could resu...Show more httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.Show less
CVE-2013-1801 1Jnunemaker 1Httparty Apr 29, 2026 Apr 9, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of servi...Show more The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156.Show less