The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-918,CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| recurly | recurly_client_ruby | 2.11.0 |
| recurly | recurly_client_ruby | 2.5.3 |
| recurly | recurly_client_ruby | 2.10.3 |
| recurly | recurly_client_ruby | 2.10.1 |
| recurly | recurly_client_ruby | 2.10.2 |
| recurly | recurly_client_ruby | 2.11.2 |
| recurly | recurly_client_ruby | 2.1.2 |
| recurly | recurly_client_ruby | 2.4.10 |
| recurly | recurly_client_ruby | 2.1.1 |
| recurly | recurly_client_ruby | 2.2.3 |
| recurly | recurly_client_ruby | 2.2.0 |
| recurly | recurly_client_ruby | 2.6.0 |
| recurly | recurly_client_ruby | 2.11.1 |
| recurly | recurly_client_ruby | 2.4.6 |
| recurly | recurly_client_ruby | 2.4.5 |
| recurly | recurly_client_ruby | 2.5.1 |
| recurly | recurly_client_ruby | 2.2.4 |
| recurly | recurly_client_ruby | 2.5.0 |
| recurly | recurly_client_ruby | 2.8.1 |
| recurly | recurly_client_ruby | 2.1.4 |
| recurly | recurly_client_ruby | 2.0.12 |
| recurly | recurly_client_ruby | 2.4.1 |
| recurly | recurly_client_ruby | 2.1.6 |
| recurly | recurly_client_ruby | 2.1.5 |
| recurly | recurly_client_ruby | 2.7.6 |
| recurly | recurly_client_ruby | 2.0.4 |
| recurly | recurly_client_ruby | 2.3.8 |
| recurly | recurly_client_ruby | 2.1.10 |
| recurly | recurly_client_ruby | 2.3.4 |
| recurly | recurly_client_ruby | 2.0.0 |
| recurly | recurly_client_ruby | 2.5.2 |
| recurly | recurly_client_ruby | 2.6.2 |
| recurly | recurly_client_ruby | 2.4.8 |
| recurly | recurly_client_ruby | 2.1.0 |
| recurly | recurly_client_ruby | 2.7.4 |
| recurly | recurly_client_ruby | 2.0.8 |
| recurly | recurly_client_ruby | 2.3.9 |
| recurly | recurly_client_ruby | 2.4.0 |
| recurly | recurly_client_ruby | 2.3.0 |
| recurly | recurly_client_ruby | 2.7.5 |
| recurly | recurly_client_ruby | 2.6.1 |
| recurly | recurly_client_ruby | 2.7.0 |
| recurly | recurly_client_ruby | 2.3.2 |
| recurly | recurly_client_ruby | 2.0.10 |
| recurly | recurly_client_ruby | 2.3.3 |
| recurly | recurly_client_ruby | 2.3.7 |
| recurly | recurly_client_ruby | 2.4.7 |
| recurly | recurly_client_ruby | 2.0.3 |
| recurly | recurly_client_ruby | 2.4.4 |
| recurly | recurly_client_ruby | 2.3.5 |
| recurly | recurly_client_ruby | 2.3.1 |
| recurly | recurly_client_ruby | 2.7.7 |
| recurly | recurly_client_ruby | 2.3.6 |
| recurly | recurly_client_ruby | 2.0.6 |
| recurly | recurly_client_ruby | 2.0.1 |
| recurly | recurly_client_ruby | 2.0.7 |
| recurly | recurly_client_ruby | 2.4.9 |
| recurly | recurly_client_ruby | 2.2.2 |
| recurly | recurly_client_ruby | 2.9.1 |
| recurly | recurly_client_ruby | 2.10.0 |
| recurly | recurly_client_ruby | 2.2.1 |
| recurly | recurly_client_ruby | 2.0.9 |
| recurly | recurly_client_ruby | 2.7.3 |
| recurly | recurly_client_ruby | 2.1.9 |
| recurly | recurly_client_ruby | 2.7.1 |
| recurly | recurly_client_ruby | 2.8.0 |
| recurly | recurly_client_ruby | 2.1.7 |
| recurly | recurly_client_ruby | 2.9.0 |
| recurly | recurly_client_ruby | 2.1.8 |
| recurly | recurly_client_ruby | 2.7.2 |
| recurly | recurly_client_ruby | 2.0.2 |
| recurly | recurly_client_ruby | 2.0.11 |
| recurly | recurly_client_ruby | 2.0.5 |
| recurly | recurly_client_ruby | 2.1.3 |
| recurly | recurly_client_ruby | 2.4.2 |
| recurly | recurly_client_ruby | 2.4.3 |
The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-918,CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| recurly | recurly_client_python | 2.6.1 |
| recurly | recurly_client_python | 2.6.0 |
| recurly | recurly_client_python | 2.5.0 |
| recurly | recurly_client_python | * |
| recurly | recurly_client_python | 2.3.0 |
The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-918,CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| recurly | recurly_client_.net | 1.4.1 |
| recurly | recurly_client_.net | 1.0.0.2 |
| recurly | recurly_client_.net | 1.7.0 |
| recurly | recurly_client_.net | 1.4.12 |
| recurly | recurly_client_.net | 1.4.9 |
| recurly | recurly_client_.net | 1.4.11 |
| recurly | recurly_client_.net | 1.2.2 |
| recurly | recurly_client_.net | 1.4.0 |
| recurly | recurly_client_.net | 1.1.6 |
| recurly | recurly_client_.net | 1.2.1 |
| recurly | recurly_client_.net | 1.4.5 |
| recurly | recurly_client_.net | 1.6.0 |
| recurly | recurly_client_.net | 1.0.0.1 |
| recurly | recurly_client_.net | 1.4.8 |
| recurly | recurly_client_.net | 1.2.7 |
| recurly | recurly_client_.net | 1.0.0 |
| recurly | recurly_client_.net | 1.8.0 |
| recurly | recurly_client_.net | 1.4.6 |
| recurly | recurly_client_.net | 1.0.0.4 |
| recurly | recurly_client_.net | 1.1.4 |
| recurly | recurly_client_.net | 1.2.6 |
| recurly | recurly_client_.net | 1.4.7 |
| recurly | recurly_client_.net | 1.4.13 |
| recurly | recurly_client_.net | 1.1.8 |
| recurly | recurly_client_.net | 1.1.9 |
| recurly | recurly_client_.net | 1.1.5 |
| recurly | recurly_client_.net | 1.1.7 |
| recurly | recurly_client_.net | 1.2.5 |
| recurly | recurly_client_.net | 1.3.1 |
| recurly | recurly_client_.net | 1.1.1 |
| recurly | recurly_client_.net | 1.6.1 |
| recurly | recurly_client_.net | 1.4.4 |
| recurly | recurly_client_.net | 1.0.0.3 |
| recurly | recurly_client_.net | 1.5.0 |
| recurly | recurly_client_.net | 1.4.10 |
| recurly | recurly_client_.net | 1.3.0 |
| recurly | recurly_client_.net | 1.4.2 |
| recurly | recurly_client_.net | 1.2.0 |
| recurly | recurly_client_.net | 1.1.0 |
| recurly | recurly_client_.net | 1.4.3 |