Search for packages
| purl | pkg:gem/httparty@0.15.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6c1q-hsp4-mudk
Aliases: CVE-2024-22049 GHSA-5pq7-52mg-hr42 GMS-2023-1 |
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written. |
Affected by 1 other vulnerability. |
|
VCID-6y9u-2wrn-ekcb
Aliases: GHSA-g47j-3m2m-74qv |
Duplicate Advisory: httparty has multipart/form-data request tampering vulnerability |
Affected by 1 other vulnerability. |
|
VCID-qct7-1myn-3qbt
Aliases: CVE-2025-68696 GHSA-hm5p-x4rq-38w4 |
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-13T09:26:59.573752+00:00 | Ruby Importer | Affected by | VCID-qct7-1myn-3qbt | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/httparty/CVE-2025-68696.yml | 38.6.0 |
| 2026-06-13T09:22:44.273344+00:00 | Ruby Importer | Affected by | VCID-6c1q-hsp4-mudk | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/httparty/CVE-2024-22049.yml | 38.6.0 |
| 2026-06-12T20:42:05.548755+00:00 | GitLab Importer | Affected by | VCID-qct7-1myn-3qbt | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/httparty/CVE-2025-68696.yml | 38.6.0 |
| 2026-06-12T19:16:02.949463+00:00 | GitLab Importer | Affected by | VCID-6y9u-2wrn-ekcb | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/httparty/GHSA-g47j-3m2m-74qv.yml | 38.6.0 |