CVE-2017-0907

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, and 1.8.1 is vulnerable to Server-Side Request Forgery (SSRF) due to incorrect use of "Uri.EscapeUriString", which could result in compromise of API keys or other critical resources.

Configurations

Configuration 1

OR cpe:2.3:a:recurly:recurly_client_.net:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.0.0.4:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:recurly:recurly_client_.net:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.1.9:*:*:*:*:*:*:*

Configuration 3

OR cpe:2.3:a:recurly:recurly_client_.net:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.2.7:*:*:*:*:*:*:*

Configuration 4

OR cpe:2.3:a:recurly:recurly_client_.net:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.3.1:*:*:*:*:*:*:*

Configuration 5

OR cpe:2.3:a:recurly:recurly_client_.net:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.12:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.13:*:*:*:*:*:*:*

Configuration 6

cpe:2.3:a:recurly:recurly_client_.net:1.5.0:*:*:*:*:*:*:*

Configuration 7

OR cpe:2.3:a:recurly:recurly_client_.net:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.6.1:*:*:*:*:*:*:*

Configuration 8

cpe:2.3:a:recurly:recurly_client_.net:1.7.0:*:*:*:*:*:*:*

Configuration 9

cpe:2.3:a:recurly:recurly_client_.net:1.8.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:03

Type | Values Removed | Values Added
References | () https://dev.recurly.com/page/net-updates - Vendor Advisory | () https://dev.recurly.com/page/net-updates - Vendor Advisory
References | () https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1 - Patch, Third Party Advisory | () https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1 - Patch, Third Party Advisory
References | () https://hackerone.com/reports/288635 - Permissions Required | () https://hackerone.com/reports/288635 - Permissions Required

Information

Published : 2017-11-13 17:29

Updated : 2024-11-21 03:03


NVD link : CVE-2017-0907

Mitre link : CVE-2017-0907

CVE.ORG link : CVE-2017-0907


Products Affected

recurly

  • recurly_client_.net

CWE

CWE-918

Server-Side Request Forgery (SSRF)