{"containers": {"cna": {"affected": [{"product": "recurly-api-client .NET library", "vendor": "Recurly", "versions": [{"status": "affected", "version": "Versions before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1"}]}], "datePublic": "2017-11-06T00:00:00", "descriptions": [{"lang": "en", "value": "The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of \"Uri.EscapeUriString\" that could result in compromise of API keys or other critical resources."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "Server-Side Request Forgery (SSRF) (CWE-918)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-11-13T16:57:01", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/288635"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://dev.recurly.com/page/net-updates"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "DATE_PUBLIC": "2017-11-06T00:00:00", "ID": "CVE-2017-0907", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "recurly-api-client .NET library", "version": {"version_data": [{"version_value": "Versions before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1"}]}}]}, "vendor_name": "Recurly"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of \"Uri.EscapeUriString\" that could result in compromise of API keys or other critical resources."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Server-Side Request Forgery (SSRF) (CWE-918)"}]}]}, "references": {"reference_data": [{"name": "https://hackerone.com/reports/288635", "refsource": "MISC", "url": "https://hackerone.com/reports/288635"}, {"name": "https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1", "refsource": "CONFIRM", "url": "https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1"}, {"name": "https://dev.recurly.com/page/net-updates", "refsource": "CONFIRM", "url": "https://dev.recurly.com/page/net-updates"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T13:25:16.897Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/288635"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://dev.recurly.com/page/net-updates"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2017-0907", "datePublished": "2017-11-13T17:00:00Z", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2024-09-16T23:00:52.282Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "22F2D2A1-3C64-4CAA-B2A2-C254C95A49C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "E3DDFA06-B2FD-4AB9-8423-4C76BC9FAE8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "5EA7A613-E55F-49EB-87E8-9CB83EF3DDA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "4765C91E-5DCB-4B54-AD73-907CC374C7A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "95C307C3-F550-49A3-9FD5-2418AB484C4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FA86E3D-2D2C-4750-8BBC-0EAE302DF47B", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C3802F42-F46A-4BB6-B8C7-7625E2846488", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "66235403-14C1-4AF5-AB74-748B95E85CD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2D8A19AA-7D3C-416F-BBFC-5A91DAB6583D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "15DDF496-99E4-4330-B064-5FBB58E36D64", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "46A04580-65DE-4D17-9195-E5B83C9F498C", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "48E14FE3-8E6A-4F4F-83FB-792BCBA320C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "C4082835-F0C2-4580-ACBE-80E0F7CB0E0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "AC035AE8-1922-406B-86C2-25FE8C132A45", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "E9F7A853-7A45-4B0A-A800-716065682ECC", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "9A9989A7-8F01-43DE-8811-2B132829AE9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "5E128EAA-909C-41C2-A4B1-517A7BE79881", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E9608C6-524B-4511-91CD-4B30E482B1AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "58CF4244-145B-4C16-AC5E-9C2286E10E2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C63D2400-E9D2-4FA2-AB6F-ECA8809CF4B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "930D66DD-FD21-4E5E-8502-21489B74E32E", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "FC8642A6-8181-4B76-8E1F-2FF0420B2AD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "3B780FA8-EA5E-4D4E-A9D7-40963AB676F7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F76037C8-C915-491E-BDDE-E69C7720C898", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "1604EB87-941B-490E-B7CD-0827D7DB0382", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AAD3042-2278-4B7F-B1F3-FFEEB8406C29", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "BFFB2017-5596-41BD-A6B1-2C947CF6269C", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "8C7ABDA3-A5F5-4830-A245-1AF2923D81B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4B36C09-CA2A-4F2E-A3CA-7E5A1D2ECB8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "9E8DB124-C085-4C82-9B0C-9B50180FE1D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4B638025-55AF-4E10-8689-1934F393EACD", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F7C753D4-1973-4A6B-BDCF-859A265E2693", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "6F8D5C9E-97DD-43BE-BEF3-389EF3A26684", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "1F875658-9A48-4E5B-9B02-8481A0F6DA98", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "B73B2B38-8C74-47B7-93FF-5C165776A9B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "9E021CE8-FCA0-48F5-B8A1-B0B1F2F82A12", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "77E1780C-E158-494F-B13A-283CA1AEDEC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "C3873854-6D94-4864-8334-1546D9222638", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "FF70745E-F60D-4187-B88F-42F85A910AC4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC33AF32-C64D-49EE-82FA-DB8F84581DD8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A25ED87A-E450-453E-A9A9-F11C36665BA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "C0BB8A73-CA7E-482E-B30C-E6E40DC2D864", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "79B6C617-FED1-4303-A38A-6FD791DA059C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:recurly:recurly_client_.net:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "97CE0391-24BA-4AAF-B600-2B153D95F272", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of \"Uri.EscapeUriString\" that could result in compromise of API keys or other critical resources."}, {"lang": "es", "value": "La biblioteca de .NET Recurly Client en versiones anteriores a la 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1 y 1.8.1 es vulnerable a Server-Side Request Forgery en el m\u00e9todo \"Uri.EscapeUriString\" que podr\u00eda conllevar el compromiso de las claves API o de otros recursos cr\u00edticos."}], "id": "CVE-2017-0907", "lastModified": "2019-10-09T23:21:11.447", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-13T17:29:00.490", "references": [{"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://dev.recurly.com/page/net-updates"}, {"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1"}, {"source": "support@hackerone.com", "tags": ["Permissions Required"], "url": "https://hackerone.com/reports/288635"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "support@hackerone.com", "type": "Secondary"}]}

{}