GHSA-x27v-x225-gq8g

Suggest an improvement
Source
https://github.com/advisories/GHSA-x27v-x225-gq8g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/12/GHSA-x27v-x225-gq8g/GHSA-x27v-x225-gq8g.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-x27v-x225-gq8g
Aliases
Published
2017-12-06T16:43:00Z
Modified
2024-02-16T08:21:56.684023Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Recurly gem Server-Side Request Forgery in Resource#find method
Details

The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the Resource#find method that could result in compromise of API keys or other critical resources.

Database specific
{
    "nvd_published_at": null,
    "severity": "CRITICAL",
    "github_reviewed_at": "2020-06-16T22:01:40Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-918"
    ]
}
References

Affected packages

RubyGems / recurly

Package

Name
recurly
Purl
pkg:gem/recurly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.3.0
Fixed
2.3.10

Affected versions

2.*

2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9

RubyGems / recurly

Package

Name
recurly
Purl
pkg:gem/recurly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.2.0
Fixed
2.2.5

Affected versions

2.*

2.2.0
2.2.1
2.2.2
2.2.3
2.2.4

RubyGems / recurly

Package

Name
recurly
Purl
pkg:gem/recurly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.11

Affected versions

2.*

2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.7
2.1.8
2.1.9
2.1.10

RubyGems / recurly

Package

Name
recurly
Purl
pkg:gem/recurly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.0.13

Affected versions

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12

RubyGems / recurly

Package

Name
recurly
Purl
pkg:gem/recurly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.9.0
Fixed
2.9.2

Affected versions

2.*

2.9.0
2.9.1

RubyGems / recurly

Package

Name
recurly
Purl
pkg:gem/recurly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.8.0
Fixed
2.8.2

Affected versions

2.*

2.8.0
2.8.1

RubyGems / recurly

Package

Name
recurly
Purl
pkg:gem/recurly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.7.0
Fixed
2.7.8

Affected versions

2.*

2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7

RubyGems / recurly

Package

Name
recurly
Purl
pkg:gem/recurly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.0
Fixed
2.6.3

Affected versions

2.*

2.6.0
2.6.1
2.6.2

RubyGems / recurly

Package

Name
recurly
Purl
pkg:gem/recurly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.5.0
Fixed
2.5.4

Affected versions

2.*

2.5.0
2.5.1
2.5.2
2.5.3

RubyGems / recurly

Package

Name
recurly
Purl
pkg:gem/recurly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.4.0
Fixed
2.4.11

Affected versions

2.*

2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
2.4.10

RubyGems / recurly

Package

Name
recurly
Purl
pkg:gem/recurly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.11.0
Fixed
2.11.3

Affected versions

2.*

2.11.0
2.11.1
2.11.2

RubyGems / recurly

Package

Name
recurly
Purl
pkg:gem/recurly

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.10.0
Fixed
2.10.4

Affected versions

2.*

2.10.0
2.10.1
2.10.2
2.10.3