CVE-2025-68696

EUVD-2025-204848
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
jnunemakerhttparty
𝑥
< 0.24.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ruby-httparty
bookworm
no-dsa
bullseye
postponed
bullseye (security)
vulnerable
forky
0.24.2-2
fixed
sid
0.24.2-2
fixed
trixie
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby-httparty
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
ignored
questing
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://github.com/jnunemaker/httparty/commit/0529bcd6309c9fd9bfdd50ae211843b10054c240
https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4
https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4