CVE-2017-0907

Name of the Vulnerable Software and Affected Versions Recurly Client .NET Library versions prior to 1.0.1 Recurly Client .NET Library versions prior to 1.1.10 Recurly Client .NET Library versions prior to 1.2.8 Recurly Client .NET Library versions prior to 1.3.2 Recurly Client .NET Library versions prior to 1.4.14 Recurly Client .NET Library versions prior to 1.5.3 Recurly Client .NET Library versions prior to 1.6.2 Recurly Client .NET Library versions prior to 1.7.1 Recurly Client .NET Library versions prior to 1.8.1

Description The issue is related to a Server-Side Request Forgery vulnerability due to the incorrect use of Uri.EscapeUriString that could result in the compromise of API keys or other critical resources.

Recommendations For versions prior to 1.0.1, update to version 1.0.1 or later. For versions prior to 1.1.10, update to version 1.1.10 or later. For versions prior to 1.2.8, update to version 1.2.8 or later. For versions prior to 1.3.2, update to version 1.3.2 or later. For versions prior to 1.4.14, update to version 1.4.14 or later. For versions prior to 1.5.3, update to version 1.5.3 or later. For versions prior to 1.6.2, update to version 1.6.2 or later. For versions prior to 1.7.1, update to version 1.7.1 or later. For versions prior to 1.8.1, update to version 1.8.1 or later.