PT-2017-10707 · Recurly · Recurly Client .Net Library

Publicado

2017-11-13

·

Atualizado

2019-10-09

·

CVE-2017-0907

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Recurly Client .NET Library versions prior to 1.0.1 Recurly Client .NET Library versions prior to 1.1.10 Recurly Client .NET Library versions prior to 1.2.8 Recurly Client .NET Library versions prior to 1.3.2 Recurly Client .NET Library versions prior to 1.4.14 Recurly Client .NET Library versions prior to 1.5.3 Recurly Client .NET Library versions prior to 1.6.2 Recurly Client .NET Library versions prior to 1.7.1 Recurly Client .NET Library versions prior to 1.8.1
Description The issue is related to a Server-Side Request Forgery vulnerability due to the incorrect use of Uri.EscapeUriString that could result in the compromise of API keys or other critical resources.
Recommendations For versions prior to 1.0.1, update to version 1.0.1 or later. For versions prior to 1.1.10, update to version 1.1.10 or later. For versions prior to 1.2.8, update to version 1.2.8 or later. For versions prior to 1.3.2, update to version 1.3.2 or later. For versions prior to 1.4.14, update to version 1.4.14 or later. For versions prior to 1.5.3, update to version 1.5.3 or later. For versions prior to 1.6.2, update to version 1.6.2 or later. For versions prior to 1.7.1, update to version 1.7.1 or later. For versions prior to 1.8.1, update to version 1.8.1 or later.

Correção

SSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-918

Identificadores relacionados

CVE-2017-0907
GHSA-XPWP-RQ3X-X6V7

Produtos afetados

Recurly Client .Net Library