Skip to content

Critical severity vulnerability that affects recurly-api-client

Critical severity GitHub Reviewed Published Oct 16, 2018 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

nuget recurly-api-client (NuGet)

Affected versions

< 1.0.1
>= 1.1.0, < 1.1.10
>= 1.2.0, < 1.2.8
>= 1.3.0, < 1.3.2
>= 1.4.0, < 1.4.14
>= 1.5.0, < 1.5.3
>= 1.6.0, < 1.6.2
= 1.7.0
= 1.8.0

Patched versions

1.0.1
1.1.10
1.2.8
1.3.2
1.4.14
1.5.3
1.6.2
1.7.1
1.8.1

Description

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources.

References

Published to the GitHub Advisory Database Oct 16, 2018
Reviewed Jun 16, 2020
Last updated Jan 9, 2023

Severity

Critical

EPSS score

0.377%
(73rd percentile)

Weaknesses

CVE ID

CVE-2017-0907

GHSA ID

GHSA-xpwp-rq3x-x6v7

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.