Description
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.
A flaw was found in httparty, an API tool. This Server-Side Request Forgery (SSRF) vulnerability allows an attacker to trick the server into making requests to internal resources or other external domains on their behalf. This can lead to the disclosure of sensitive information, such as API keys, and enable unauthorized access to internal servers.
Report
This vulnerability is rated Important for Red Hat as it affects rubygem-httparty in Fedora. The Server-Side Request Forgery (SSRF) flaw in httparty versions 0.23.2 and prior could lead to the leakage of API keys and allow unauthorized requests to internal servers. This impacts applications utilizing httparty for API interactions within the Red Hat ecosystem.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Additional information
Status:
EPSS
CVSS3: 9.3 Critical
Related vulnerabilities
httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage