CVE-2017-0906

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.
Configurations

Configuration 1 (hide)

cpe:2.3:a:recurly:recurly_client_python:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:recurly:recurly_client_python:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:recurly:recurly_client_python:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:recurly:recurly_client_python:2.3.0:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:recurly:recurly_client_python:*:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:a:recurly:recurly_client_python:2.5.0:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:a:recurly:recurly_client_python:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_python:2.6.1:*:*:*:*:*:*:*

History

21 Nov 2024, 03:03

Type Values Removed Values Added
References () https://dev.recurly.com/page/python-updates - Vendor Advisory () https://dev.recurly.com/page/python-updates - Vendor Advisory
References () https://github.com/recurly/recurly-client-python/commit/049c74699ce93cf126feff06d632ea63fba36742 - Patch, Third Party Advisory () https://github.com/recurly/recurly-client-python/commit/049c74699ce93cf126feff06d632ea63fba36742 - Patch, Third Party Advisory
References () https://hackerone.com/reports/288635 - Permissions Required () https://hackerone.com/reports/288635 - Permissions Required

Information

Published : 2017-11-13 17:29

Updated : 2024-11-21 03:03


NVD link : CVE-2017-0906

Mitre link : CVE-2017-0906

CVE.ORG link : CVE-2017-0906


JSON object : View

Products Affected

recurly

  • recurly_client_python
CWE
CWE-918

Server-Side Request Forgery (SSRF)