CVE-2017-0906

Summary

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.

Affected Software

VendorProductVersion RangeStatus
Recurlyrecurly python moduleVersions before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2affected

Weaknesses

  • CWE-918: Server-Side Request Forgery (SSRF) (CWE-918)

ADP Enrichment

CVE Program Container

Additional References

References