GHSA-xpwp-rq3x-x6v7

Source

https://github.com/advisories/GHSA-xpwp-rq3x-x6v7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-xpwp-rq3x-x6v7/GHSA-xpwp-rq3x-x6v7.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-xpwp-rq3x-x6v7

Aliases

CVE-2017-0907

Published

2018-10-16T17:35:04Z

Modified

2024-12-02T05:47:53.465879Z

Summary

Critical severity vulnerability that affects recurly-api-client

Details

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources.

Database specific

{
    "severity": "CRITICAL",
    "cwe_ids": [
        "CWE-918"
    ],
    "github_reviewed": true,
    "nvd_published_at": null,
    "github_reviewed_at": "2020-06-16T22:03:58Z"
}

References

Affected packages

NuGet

recurly-api-client

Package

Name: recurly-api-client; View open source insights on deps.dev
Purl: pkg:nuget/recurly-api-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.1

Affected versions

1.*

1.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-xpwp-rq3x-x6v7/GHSA-xpwp-rq3x-x6v7.json"

recurly-api-client

Package

Name: recurly-api-client; View open source insights on deps.dev
Purl: pkg:nuget/recurly-api-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.10

Affected versions

1.*

1.1.0

1.1.1

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-xpwp-rq3x-x6v7/GHSA-xpwp-rq3x-x6v7.json"

recurly-api-client

Package

Name: recurly-api-client; View open source insights on deps.dev
Purl: pkg:nuget/recurly-api-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.2.0

Fixed

1.2.8

Affected versions

1.*

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-xpwp-rq3x-x6v7/GHSA-xpwp-rq3x-x6v7.json"

recurly-api-client

Package

Name: recurly-api-client; View open source insights on deps.dev
Purl: pkg:nuget/recurly-api-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.3.0

Fixed

1.3.2

Affected versions

1.*

1.3.0

1.3.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-xpwp-rq3x-x6v7/GHSA-xpwp-rq3x-x6v7.json"

recurly-api-client

Package

Name: recurly-api-client; View open source insights on deps.dev
Purl: pkg:nuget/recurly-api-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.4.0

Fixed

1.4.14

Affected versions

1.*

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.4.10

1.4.11

1.4.12

1.4.13

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-xpwp-rq3x-x6v7/GHSA-xpwp-rq3x-x6v7.json"

recurly-api-client

Package

Name: recurly-api-client; View open source insights on deps.dev
Purl: pkg:nuget/recurly-api-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.5.0

Fixed

1.5.3

Affected versions

1.*

1.5.0

1.5.1

1.5.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-xpwp-rq3x-x6v7/GHSA-xpwp-rq3x-x6v7.json"

recurly-api-client

Package

Name: recurly-api-client; View open source insights on deps.dev
Purl: pkg:nuget/recurly-api-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.6.0

Fixed

1.6.2

Affected versions

1.*

1.6.0

1.6.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-xpwp-rq3x-x6v7/GHSA-xpwp-rq3x-x6v7.json"

recurly-api-client

Package

Name: recurly-api-client; View open source insights on deps.dev
Purl: pkg:nuget/recurly-api-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.7.0

Fixed

1.7.1

Affected versions

1.*

1.7.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-xpwp-rq3x-x6v7/GHSA-xpwp-rq3x-x6v7.json"

recurly-api-client

Package

Name: recurly-api-client; View open source insights on deps.dev
Purl: pkg:nuget/recurly-api-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.8.0

Fixed

1.8.1

Affected versions

1.*

1.8.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-xpwp-rq3x-x6v7/GHSA-xpwp-rq3x-x6v7.json"