Sha256: 5480168bcb47b2da788f02c5993a429cccb5b68ead6d7fa72837de2145e1871d
Contents?: true
Size: 979 Bytes
Versions: 3
Compression:
Stored size: 979 Bytes
Contents
---
gem: recurly
cve: 2017-0905
url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0905
date: 2017-11-09
title: SSRF vulnerability in Recurly gem's Resource#find.
description: |
  If you are using the #find method on any of the classes that are derived from the Resource class and you are passing user input into that method, a malicious user can force the http client to reach out to a server under their control.
  This can lead to leakage of your private API key.
  Because of the severity of impact, we are recommending that all users upgrade to a patched version.
  We have provided a non-breaking patch for every 2.X version of the client.
patched_versions:
  - ~> 2.0.13
  - ~> 2.1.11
  - ~> 2.2.5
  - ~> 2.3.10
  - ~> 2.4.11
  - ~> 2.5.3
  - ~> 2.6.3
  - ~> 2.7.8
  - ~> 2.8.2
  - ~> 2.9.2
  - ~> 2.10.4
  - ~> 2.11.3
  - ">= 2.12.0"
related:
  url:
    - https://github.com/recurly/recurly-client-ruby/commit/1bb0284d6e668b8b3d31167790ed6db1f6ccc4be
Version data entries
3 entries across 3 versions & 2 rubygems