Search criteria
1 vulnerability by jnunemaker
CVE-2025-68696 (GCVE-0-2025-68696)
Vulnerability from cvelistv5 – Published: 2025-12-23 22:59 – Updated: 2025-12-24 14:31
VLAI?
Title
httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage
Summary
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| jnunemaker | httparty |
Affected:
<= 0.23.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68696",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T14:31:55.287593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T14:31:58.017Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "httparty",
"vendor": "jnunemaker",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.23.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T22:59:04.201Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4"
},
{
"name": "https://github.com/jnunemaker/httparty/commit/0529bcd6309c9fd9bfdd50ae211843b10054c240",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jnunemaker/httparty/commit/0529bcd6309c9fd9bfdd50ae211843b10054c240"
}
],
"source": {
"advisory": "GHSA-hm5p-x4rq-38w4",
"discovery": "UNKNOWN"
},
"title": "httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68696",
"datePublished": "2025-12-23T22:59:04.201Z",
"dateReserved": "2025-12-23T17:11:35.076Z",
"dateUpdated": "2025-12-24T14:31:58.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}