CVE-2017-0907

Description

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources.

Risk Information

Base Score

9.8

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.519

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2017-0907 are fixed in Nuget - recurly-api-client 1.0.1	Windows
Vulnerabilities CVE-2017-0907 are fixed in Nuget - recurly-api-client 1.1.10	Windows
Vulnerabilities CVE-2017-0907 are fixed in Nuget - recurly-api-client 1.2.8	Windows
Vulnerabilities CVE-2017-0907 are fixed in Nuget - recurly-api-client 1.3.2	Windows
Vulnerabilities CVE-2017-0907 are fixed in Nuget - recurly-api-client 1.4.14	Windows
Vulnerabilities CVE-2017-0907 are fixed in Nuget - recurly-api-client 1.5.3	Windows
Vulnerabilities CVE-2017-0907 are fixed in Nuget - recurly-api-client 1.6.2	Windows
Vulnerabilities CVE-2017-0907 are fixed in Nuget - recurly-api-client 1.7.1	Windows
Vulnerabilities CVE-2017-0907 are fixed in Nuget - recurly-api-client 1.8.1	Windows
Vulnerabilities CVE-2017-0907 are fixed in Nuget - recurly-api-client for Linux 1.0.1	Linux
Vulnerabilities CVE-2017-0907 are fixed in Nuget - recurly-api-client for Linux 1.1.10	Linux
Vulnerabilities CVE-2017-0907 are fixed in Nuget - recurly-api-client for Linux 1.2.8	Linux
Vulnerabilities CVE-2017-0907 are fixed in Nuget - recurly-api-client for Linux 1.3.2	Linux
Vulnerabilities CVE-2017-0907 are fixed in Nuget - recurly-api-client for Linux 1.4.14	Linux
Vulnerabilities CVE-2017-0907 are fixed in Nuget - recurly-api-client for Linux 1.5.3	Linux
Vulnerabilities CVE-2017-0907 are fixed in Nuget - recurly-api-client for Linux 1.6.2	Linux
Vulnerabilities CVE-2017-0907 are fixed in Nuget - recurly-api-client for Linux 1.7.1	Linux
Vulnerabilities CVE-2017-0907 are fixed in Nuget - recurly-api-client for Linux 1.8.1	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234