CVE-2017-0906 Information
Description
The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, and 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://dev.recurly.com/page/python-updates
https://github.com/recurly/recurly-client-python/commit/049c74699ce93cf126feff06d632ea63fba36742
https://hackerone.com/reports/288635
cpe:2.3:a:recurly:recurly_client_python::::::::
cpe:2.3:a:recurly:recurly_client_python::::::::
cpe:2.3:a:recurly:recurly_client_python::::::::
cpe:2.3:a:recurly:recurly_client_python:2.3.0:::::::*
cpe:2.3:a:recurly:recurly_client_python::::::::
cpe:2.3:a:recurly:recurly_client_python:2.5.0:::::::*
cpe:2.3:a:recurly:recurly_client_python:2.6.0:::::::*
cpe:2.3:a:recurly:recurly_client_python:2.6.1:::::::*
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Base Severity
CRITICAL