CVE-2017-0906

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.
SSRF
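
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| hackerone | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
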
EPSS Score percentile: 66%

| Vendor | Product | Version |
|---|---|---|
| recurly | recurly_client_python | 2.0.0 ≤ 𝑥 ≤ 2.0.4 |
| recurly | recurly_client_python | 2.1.0 ≤ 𝑥 ≤ 2.1.15 |
| recurly | recurly_client_python | 2.2.0 ≤ 𝑥 ≤ 2.2.21 |
| recurly | recurly_client_python | 2.3.0 |
| recurly | recurly_client_python | 2.4.0 ≤ 𝑥 ≤ 2.4.4 |
| recurly | recurly_client_python | 2.5.0 |
| recurly | recurly_client_python | 2.6.0 |
| recurly | recurly_client_python | 2.6.1 |

𝑥 = Vulnerable software versions