httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage
There may be an SSRF vulnerability in httparty. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers.
Advisories for Gem/Httparty package
2025
httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage
There may be an SSRF vulnerability in httparty. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers.
2024
Duplicate Advisory: httparty has multipart/form-data request tampering vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5pq7-52mg-hr42. This link is maintained to preserve external references. Original Description httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.
2023
Improper Neutralization
Improper Neutralization in httparty.
2013
Parameter parsing vulnerabilities
Similar to CVE-2013-0156 (Rails issue)