CVE-2025-68696

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
GitHub_MCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
ruby-httparty
bullseye
vulnerable
bullseye (security)
vulnerable
forky
vulnerable
sid
vulnerable
bookworm
vulnerable
trixie
vulnerable
Common Weakness Enumeration
References
https://github.com/jnunemaker/httparty/commit/0529bcd6309c9fd9bfdd50ae211843b10054c240
https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4
https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4