CVE-2017-0907 Information
Description
The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of Uri.EscapeUriString that could result in compromise of API keys or other critical resources.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://dev.recurly.com/page/net-updates
https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1
https://hackerone.com/reports/288635
cpe:2.3:a:recurly:recurly_client_.net:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.12:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.4.13:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:recurly:recurly_client_.net:1.8.0:*:*:*:*:*:*:*
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Base Severity
HIGH