CVE-2017-0907 (GCVE-0-2017-0907)
Vulnerability from cvelistv5
Published
2017-11-13 17:00
Modified
2024-09-16 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF) ()
Summary
The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources.
References
| ► | URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Recurly | recurly-api-client .NET library |
Version: Versions before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:16.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/288635"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dev.recurly.com/page/net-updates"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "recurly-api-client .NET library",
"vendor": "Recurly",
"versions": [
{
"status": "affected",
"version": "Versions before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1"
}
]
}
],
"datePublic": "2017-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of \"Uri.EscapeUriString\" that could result in compromise of API keys or other critical resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF) (CWE-918)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-13T16:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/288635"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dev.recurly.com/page/net-updates"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2017-11-06T00:00:00",
"ID": "CVE-2017-0907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "recurly-api-client .NET library",
"version": {
"version_data": [
{
"version_value": "Versions before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1"
}
]
}
}
]
},
"vendor_name": "Recurly"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of \"Uri.EscapeUriString\" that could result in compromise of API keys or other critical resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) (CWE-918)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/288635",
"refsource": "MISC",
"url": "https://hackerone.com/reports/288635"
},
{
"name": "https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1",
"refsource": "CONFIRM",
"url": "https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1"
},
{
"name": "https://dev.recurly.com/page/net-updates",
"refsource": "CONFIRM",
"url": "https://dev.recurly.com/page/net-updates"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-0907",
"datePublished": "2017-11-13T17:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T23:00:52.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-0907\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2017-11-13T17:29:00.490\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of \\\"Uri.EscapeUriString\\\" that could result in compromise of API keys or other critical resources.\"},{\"lang\":\"es\",\"value\":\"La biblioteca de .NET Recurly Client en versiones anteriores a la 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1 y 1.8.1 es vulnerable a Server-Side Request Forgery en el m\u00e9todo \\\"Uri.EscapeUriString\\\" que podr\u00eda conllevar el compromiso de las claves API o de otros recursos cr\u00edticos.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22F2D2A1-3C64-4CAA-B2A2-C254C95A49C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3DDFA06-B2FD-4AB9-8423-4C76BC9FAE8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EA7A613-E55F-49EB-87E8-9CB83EF3DDA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4765C91E-5DCB-4B54-AD73-907CC374C7A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"95C307C3-F550-49A3-9FD5-2418AB484C4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FA86E3D-2D2C-4750-8BBC-0EAE302DF47B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3802F42-F46A-4BB6-B8C7-7625E2846488\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66235403-14C1-4AF5-AB74-748B95E85CD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D8A19AA-7D3C-416F-BBFC-5A91DAB6583D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15DDF496-99E4-4330-B064-5FBB58E36D64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46A04580-65DE-4D17-9195-E5B83C9F498C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48E14FE3-8E6A-4F4F-83FB-792BCBA320C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4082835-F0C2-4580-ACBE-80E0F7CB0E0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC035AE8-1922-406B-86C2-25FE8C132A45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9F7A853-7A45-4B0A-A800-716065682ECC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A9989A7-8F01-43DE-8811-2B132829AE9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E128EAA-909C-41C2-A4B1-517A7BE79881\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E9608C6-524B-4511-91CD-4B30E482B1AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58CF4244-145B-4C16-AC5E-9C2286E10E2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C63D2400-E9D2-4FA2-AB6F-ECA8809CF4B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"930D66DD-FD21-4E5E-8502-21489B74E32E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC8642A6-8181-4B76-8E1F-2FF0420B2AD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B780FA8-EA5E-4D4E-A9D7-40963AB676F7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F76037C8-C915-491E-BDDE-E69C7720C898\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1604EB87-941B-490E-B7CD-0827D7DB0382\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AAD3042-2278-4B7F-B1F3-FFEEB8406C29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFFB2017-5596-41BD-A6B1-2C947CF6269C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C7ABDA3-A5F5-4830-A245-1AF2923D81B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4B36C09-CA2A-4F2E-A3CA-7E5A1D2ECB8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E8DB124-C085-4C82-9B0C-9B50180FE1D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B638025-55AF-4E10-8689-1934F393EACD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7C753D4-1973-4A6B-BDCF-859A265E2693\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F8D5C9E-97DD-43BE-BEF3-389EF3A26684\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F875658-9A48-4E5B-9B02-8481A0F6DA98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B73B2B38-8C74-47B7-93FF-5C165776A9B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E021CE8-FCA0-48F5-B8A1-B0B1F2F82A12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E1780C-E158-494F-B13A-283CA1AEDEC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3873854-6D94-4864-8334-1546D9222638\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF70745E-F60D-4187-B88F-42F85A910AC4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC33AF32-C64D-49EE-82FA-DB8F84581DD8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A25ED87A-E450-453E-A9A9-F11C36665BA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0BB8A73-CA7E-482E-B30C-E6E40DC2D864\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79B6C617-FED1-4303-A38A-6FD791DA059C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:recurly:recurly_client_.net:1.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97CE0391-24BA-4AAF-B600-2B153D95F272\"}]}]}],\"references\":[{\"url\":\"https://dev.recurly.com/page/net-updates\",\"source\":\"support@hackerone.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/288635\",\"source\":\"support@hackerone.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://dev.recurly.com/page/net-updates\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/288635\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…