Advisories for Gem/Httparty package

There may be an SSRF vulnerability in httparty. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers.

This advisory duplicates another.

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5pq7-52mg-hr42. This link is maintained to preserve external references. Original Description httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.

Improper Neutralization in httparty.

Similar to CVE-2013-0156 (Rails issue)