5 matches found
GHSA-X27V-X225-GQ8G Recurly gem Server-Side Request Forgery in Resource#find method
The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the Resourcefind method that could result in compromise of API keys or other critical resources...
Recurly gem Server-Side Request Forgery in Resource#find method
The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the Resourcefind method that could result in compromise of API keys or other critical resources...
Recurly Client Ruby Library Server-Side Request Forgery Vulnerability
Recurly Client Ruby Library is a Ruby API wrapper for Recurly from Recurly USA. A server-side request forgery vulnerability exists in the Resourcefind method in the Recurly Client Ruby Library. An attacker could use this vulnerability to take control of API keys or other important resources...
Server side request forgery (ssrf)
The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resourcefind" method that could result in compromise of API keys or other critical resources...
SSRF vulnerability in Recurly gem's Resource#find.
If you are using the find method on any of the classes that are derived from the Resource class and you are passing user input into that method, a malicious user can force the http client to reach out to a server under their control. This can lead to leakage of your private API key. Because of th...