CVE-2017-0905

Name of the Vulnerable Software and Affected Versions Recurly Client Ruby Library versions prior to 2.0.13 Recurly Client Ruby Library versions prior to 2.1.11 Recurly Client Ruby Library versions prior to 2.2.5 Recurly Client Ruby Library versions prior to 2.3.10 Recurly Client Ruby Library versions prior to 2.4.11 Recurly Client Ruby Library versions prior to 2.5.4 Recurly Client Ruby Library versions prior to 2.6.3 Recurly Client Ruby Library versions prior to 2.7.8 Recurly Client Ruby Library versions prior to 2.8.2 Recurly Client Ruby Library versions prior to 2.9.2 Recurly Client Ruby Library versions prior to 2.10.4 Recurly Client Ruby Library versions prior to 2.11.3

Description The issue is related to a Server-Side Request Forgery vulnerability in the Resource#find method. This could result in the compromise of API keys or other critical resources.

Recommendations For versions prior to 2.0.13, update to version 2.0.13 or later. For versions prior to 2.1.11, update to version 2.1.11 or later. For versions prior to 2.2.5, update to version 2.2.5 or later. For versions prior to 2.3.10, update to version 2.3.10 or later. For versions prior to 2.4.11, update to version 2.4.11 or later. For versions prior to 2.5.4, update to version 2.5.4 or later. For versions prior to 2.6.3, update to version 2.6.3 or later. For versions prior to 2.7.8, update to version 2.7.8 or later. For versions prior to 2.8.2, update to version 2.8.2 or later. For versions prior to 2.9.2, update to version 2.9.2 or later. For versions prior to 2.10.4, update to version 2.10.4 or later. For versions prior to 2.11.3, update to version 2.11.3 or later.