Описание
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ruby-httparty | unfixed | package | ||
| ruby-httparty | no-dsa | trixie | package | |
| ruby-httparty | no-dsa | bookworm | package | |
| ruby-httparty | postponed | bullseye | package |
Примечания
https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4
Fixed by: https://github.com/jnunemaker/httparty/commit/0529bcd6309c9fd9bfdd50ae211843b10054c240
EPSS
Связанные уязвимости
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.
httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage
EPSS