CVE-2017-0906

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-0906
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-0906.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-0906
Aliases
Published
2017-11-13T17:29:00.457Z
Modified
2026-03-13T22:21:52.758554Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.

References

Affected packages

Git / github.com/recurly/recurly-client-python

Affected ranges

Type
GIT
Repo
https://github.com/recurly/recurly-client-python
Events
Introduced
a0c30bd875d44d5c180b6b2e0d40343ff0f76be4
Last affected
f7c1ef33a72b84135d895d9a9a04fb7861a9741e
Introduced
0ea4aee2318029ffe8f578cb7159773fb1df3d9f
Last affected
9836471159eb129a7c9e31184f2d52f3a98a7489
Introduced
076b9e67d833509ec03068df49bccd8ab7635d2a
Last affected
45414c17f794cb3fe90feb09d9f50f3564a701de
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f03d9e201ef6087d2b5c5bcd033b52cd6141b6d7
Introduced
bc6c3247803919b5ed368b3c6cf1474e1c974568
Last affected
fabd88e8198eb59975f4a6835578078bdd1bd9fa
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d77ed48c8913afc4673717ade549b072a54d2644
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6dfb4693f7b3c3faf883b304dc79d5b98d7a9d40
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9db2d1a0268201571a567d73481d0d16c6fbc5e1
Fixed
049c74699ce93cf126feff06d632ea63fba36742
Database specific 
{
    "versions": [
        {
            "introduced": "2.0.0"
        },
        {
            "last_affected": "2.0.4"
        },
        {
            "introduced": "2.1.0"
        },
        {
            "last_affected": "2.1.15"
        },
        {
            "introduced": "2.2.0"
        },
        {
            "last_affected": "2.2.21"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.0"
        },
        {
            "introduced": "2.4.0"
        },
        {
            "last_affected": "2.4.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6.1"
        }
    ]
}

Affected versions

2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.1.0
2.1.1
2.1.12
2.1.13
2.1.14
2.1.15
2.1.2
2.1.3
2.1.4
2.2.0
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.14
2.2.15
2.2.16
2.2.17
2.2.18
2.2.19
2.2.2
2.2.20
2.2.21
2.2.3
2.2.4
2.2.6
2.2.7
2.2.8
2.2.9
2.3.0
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.5.0
2.6.0
2.6.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-0906.json"