The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.
References
Link | Resource |
---|---|
https://dev.recurly.com/page/python-updates | Vendor Advisory |
https://github.com/recurly/recurly-client-python/commit/049c74699ce93cf126feff06d632ea63fba36742 | Patch Third Party Advisory |
https://hackerone.com/reports/288635 | Permissions Required |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
History
No history.
Information
Published : 2017-11-13 17:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-0906
Mitre link : CVE-2017-0906
CVE.ORG link : CVE-2017-0906
JSON object : View
Products Affected
recurly
- recurly_client_python
CWE
CWE-918
Server-Side Request Forgery (SSRF)