Lucene search
K

5 matches found

OSV
OSV
added 2017/12/06 4:43 p.m.15 views

GHSA-X27V-X225-GQ8G Recurly gem Server-Side Request Forgery in Resource#find method

The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the Resourcefind method that could result in compromise of API keys or other critical resources...

9.8CVSS9.4AI score0.02594EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2017/12/06 4:43 p.m.33 views

Recurly gem Server-Side Request Forgery in Resource#find method

The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the Resourcefind method that could result in compromise of API keys or other critical resources...

9.8CVSS8.9AI score0.02594EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2017/11/14 12:0 a.m.3 views

Recurly Client Ruby Library Server-Side Request Forgery Vulnerability

Recurly Client Ruby Library is a Ruby API wrapper for Recurly from Recurly USA. A server-side request forgery vulnerability exists in the Resourcefind method in the Recurly Client Ruby Library. An attacker could use this vulnerability to take control of API keys or other important resources...

9.8CVSS7AI score0.02594EPSS
Exploits0References1
Prion
Prion
added 2017/11/13 5:29 p.m.13 views

Server side request forgery (ssrf)

The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resourcefind" method that could result in compromise of API keys or other critical resources...

7.5CVSS9.4AI score0.02594EPSS
Exploits0References3Affected Software1
RubySec
RubySec
added 2017/11/09 12:0 a.m.22 views

SSRF vulnerability in Recurly gem's Resource#find.

If you are using the find method on any of the classes that are derived from the Resource class and you are passing user input into that method, a malicious user can force the http client to reach out to a server under their control. This can lead to leakage of your private API key. Because of th...

9.8CVSS0.9AI score0.02594EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder