CVE-2017-0907

Summary

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources.

Affected Software

VendorProductVersion RangeStatus
Recurlyrecurly-api-client .NET libraryVersions before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1affected

Weaknesses

  • CWE-918: Server-Side Request Forgery (SSRF) (CWE-918)

ADP Enrichment

CVE Program Container

Additional References

References