CVE-2017-0905
CVSS score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources.
Affected (80)
Products: Recurly: Recurly Client Ruby
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.0.0 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.1.0 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.2.0 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.3.0 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.4.0 |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.5.0 |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.6.0 |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.7.0 |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.8.0 |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.9.0 |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.10.0 |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.11.0 |
References (6)
Source: support@hackerone.com
Patch, Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch, Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required