Published: 13/11/2017 Updated: 09/10/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The Recurly Client Ruby Library prior to 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources.

Vulnerable Product	Search on Vulmon	Subscribe to Product
recurly recurly client ruby 2.0.0
recurly recurly client ruby 2.0.1
recurly recurly client ruby 2.0.6
recurly recurly client ruby 2.0.7
recurly recurly client ruby 2.0.8
recurly recurly client ruby 2.0.9
recurly recurly client ruby 2.0.3
recurly recurly client ruby 2.0.5
recurly recurly client ruby 2.0.10
recurly recurly client ruby 2.0.12
recurly recurly client ruby 2.0.2
recurly recurly client ruby 2.0.4
recurly recurly client ruby 2.0.11
recurly recurly client ruby 2.1.7
recurly recurly client ruby 2.1.8
recurly recurly client ruby 2.1.9
recurly recurly client ruby 2.1.10
recurly recurly client ruby 2.1.0
recurly recurly client ruby 2.1.1
recurly recurly client ruby 2.1.2
recurly recurly client ruby 2.1.3
recurly recurly client ruby 2.1.5
recurly recurly client ruby 2.1.4
recurly recurly client ruby 2.1.6
recurly recurly client ruby 2.2.3
recurly recurly client ruby 2.2.4
recurly recurly client ruby 2.2.0
recurly recurly client ruby 2.2.2
recurly recurly client ruby 2.2.1
recurly recurly client ruby 2.3.4
recurly recurly client ruby 2.3.5
recurly recurly client ruby 2.3.6
recurly recurly client ruby 2.3.7
recurly recurly client ruby 2.3.8
recurly recurly client ruby 2.3.0
recurly recurly client ruby 2.3.2
recurly recurly client ruby 2.3.9
recurly recurly client ruby 2.3.1
recurly recurly client ruby 2.3.3
recurly recurly client ruby 2.4.10
recurly recurly client ruby 2.4.2
recurly recurly client ruby 2.4.3
recurly recurly client ruby 2.4.4
recurly recurly client ruby 2.4.5
recurly recurly client ruby 2.4.0
recurly recurly client ruby 2.4.7
recurly recurly client ruby 2.4.9
recurly recurly client ruby 2.4.1
recurly recurly client ruby 2.4.6
recurly recurly client ruby 2.4.8
recurly recurly client ruby 2.5.0
recurly recurly client ruby 2.5.1
recurly recurly client ruby 2.5.2
recurly recurly client ruby 2.5.3
recurly recurly client ruby 2.6.1
recurly recurly client ruby 2.6.2
recurly recurly client ruby 2.6.0
recurly recurly client ruby 2.7.0
recurly recurly client ruby 2.7.1
recurly recurly client ruby 2.7.2
recurly recurly client ruby 2.7.3
recurly recurly client ruby 2.7.5
recurly recurly client ruby 2.7.7
recurly recurly client ruby 2.7.4
recurly recurly client ruby 2.7.6
recurly recurly client ruby 2.8.0
recurly recurly client ruby 2.8.1
recurly recurly client ruby 2.9.0
recurly recurly client ruby 2.9.1
recurly recurly client ruby 2.10.0
recurly recurly client ruby 2.10.1
recurly recurly client ruby 2.10.2
recurly recurly client ruby 2.10.3
recurly recurly client ruby 2.11.1
recurly recurly client ruby 2.11.0
recurly recurly client ruby 2.11.2

CWE-918 https://hackerone.com/reports/288635 https://github.com/recurly/recurly-client-ruby/commit/1bb0284d6e668b8b3d31167790ed6db1f6ccc4be https://dev.recurly.com/page/ruby-updates https://nvd.nist.gov

Get Started

CVE-2017-0905

Vulnerability Summary

References

Vulmon Search

About

Products

Connect