CVE-2017-0906
Last modified
CVE-2017-0906 is a vulnerability of currently unknown severity. The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.. EPSS estimates a 2.59% chance of exploitation in the next 30 days.
Description
The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Recurly | Recurly Client Python | >= 2.0.0, <= 2.0.4 |
| Recurly | Recurly Client Python | >= 2.1.0, <= 2.1.15 |
| Recurly | Recurly Client Python | >= 2.2.0, <= 2.2.21 |
| Recurly | Recurly Client Python | 2.3.0 |
| Recurly | Recurly Client Python | >= 2.4.0, <= 2.4.4 |
| Recurly | Recurly Client Python | 2.5.0 |
| Recurly | Recurly Client Python | 2.6.0 |
| Recurly | Recurly Client Python | 2.6.1 |
References
- https://dev.recurly.com/page/python-updatesVendor Advisory
- https://github.com/recurly/recurly-client-python/commit/049c74699ce93cf126feff06d632ea63fba36742Patch, Third Party Advisory
- https://hackerone.com/reports/288635Permissions Required
- https://dev.recurly.com/page/python-updatesVendor Advisory
- https://github.com/recurly/recurly-client-python/commit/049c74699ce93cf126feff06d632ea63fba36742Patch, Third Party Advisory
- https://hackerone.com/reports/288635Permissions Required
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-0906?
How severe is CVE-2017-0906?
How do I fix CVE-2017-0906?
Are you affected by CVE-2017-0906?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST