Jnunemaker: >> Httparty >> 0.15.4 Security Vulnerabilities
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.
CVSS Score
8.2
EPSS Score
0.001
Published
2025-12-23
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.
CVSS Score
5.3
EPSS Score
0.012
Published
2024-01-04