ID CVE-2017-0906
Summary The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to Server-Side Request Forgery in the "Resource.get" method, which could result in compromise of API keys or other critical resources.
References
Vulnerable Configurations
  • cpe:2.3:a:recurly:recurly_client_python:2.3.0
  • cpe:2.3:a:recurly:recurly_client_python:2.5.0
  • cpe:2.3:a:recurly:recurly_client_python:2.6.0
  • cpe:2.3:a:recurly:recurly_client_python:2.6.1
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-918
CAPEC
refmap via4
confirm
misc https://hackerone.com/reports/288635
Last major update 13-11-2017 - 12:29
Published 13-11-2017 - 12:29
Last modified 01-12-2017 - 08:40