{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T06:07:39.437","vulnerabilities":[{"cve":{"id":"CVE-2017-0907","sourceIdentifier":"support@hackerone.com","published":"2017-11-13T17:29:00.490","lastModified":"2026-06-17T00:58:30.440","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of \"Uri.EscapeUriString\" that could result in compromise of API keys or other critical resources."},{"lang":"es","value":"La biblioteca de .NET Recurly Client en versiones anteriores a la 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1 y 1.8.1 es vulnerable a Server-Side Request Forgery en el método \"Uri.EscapeUriString\" que podría conllevar el compromiso de las claves API o de otros recursos críticos."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Recurly","product":"recurly-api-client .NET library","versions":[{"version":"Versions before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"22F2D2A1-3C64-4CAA-B2A2-C254C95A49C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta1:*:*:*:*:*:*","matchCriteriaId":"E3DDFA06-B2FD-4AB9-8423-4C76BC9FAE8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta2:*:*:*:*:*:*","matchCriteriaId":"5EA7A613-E55F-49EB-87E8-9CB83EF3DDA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta3:*:*:*:*:*:*","matchCriteriaId":"4765C91E-5DCB-4B54-AD73-907CC374C7A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.0.0:rc1:*:*:*:*:*:*","matchCriteriaId":"95C307C3-F550-49A3-9FD5-2418AB484C4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"2FA86E3D-2D2C-4750-8BBC-0EAE302DF47B"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"C3802F42-F46A-4BB6-B8C7-7625E2846488"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"66235403-14C1-4AF5-AB74-748B95E85CD7"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.0.0.4:*:*:*:*:*:*:*","matchCriteriaId":"2D8A19AA-7D3C-416F-BBFC-5A91DAB6583D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"15DDF496-99E4-4330-B064-5FBB58E36D64"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"46A04580-65DE-4D17-9195-E5B83C9F498C"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.1.4:*:*:*:*:*:*:*","matchCriteriaId":"48E14FE3-8E6A-4F4F-83FB-792BCBA320C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.1.5:*:*:*:*:*:*:*","matchCriteriaId":"C4082835-F0C2-4580-ACBE-80E0F7CB0E0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.1.6:*:*:*:*:*:*:*","matchCriteriaId":"AC035AE8-1922-406B-86C2-25FE8C132A45"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.1.7:*:*:*:*:*:*:*","matchCriteriaId":"E9F7A853-7A45-4B0A-A800-716065682ECC"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.1.8:*:*:*:*:*:*:*","matchCriteriaId":"9A9989A7-8F01-43DE-8811-2B132829AE9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.1.9:*:*:*:*:*:*:*","matchCriteriaId":"5E128EAA-909C-41C2-A4B1-517A7BE79881"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.2.0:*:*:*:*:*:*:*","matchCriteriaId":"4E9608C6-524B-4511-91CD-4B30E482B1AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.2.1:*:*:*:*:*:*:*","matchCriteriaId":"58CF4244-145B-4C16-AC5E-9C2286E10E2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.2.2:*:*:*:*:*:*:*","matchCriteriaId":"C63D2400-E9D2-4FA2-AB6F-ECA8809CF4B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.2.5:*:*:*:*:*:*:*","matchCriteriaId":"930D66DD-FD21-4E5E-8502-21489B74E32E"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.2.6:*:*:*:*:*:*:*","matchCriteriaId":"FC8642A6-8181-4B76-8E1F-2FF0420B2AD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.2.7:*:*:*:*:*:*:*","matchCriteriaId":"3B780FA8-EA5E-4D4E-A9D7-40963AB676F7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"F76037C8-C915-491E-BDDE-E69C7720C898"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"1604EB87-941B-490E-B7CD-0827D7DB0382"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"4AAD3042-2278-4B7F-B1F3-FFEEB8406C29"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.4.1:*:*:*:*:*:*:*","matchCriteriaId":"BFFB2017-5596-41BD-A6B1-2C947CF6269C"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.4.2:*:*:*:*:*:*:*","matchCriteriaId":"8C7ABDA3-A5F5-4830-A245-1AF2923D81B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.4.3:*:*:*:*:*:*:*","matchCriteriaId":"E4B36C09-CA2A-4F2E-A3CA-7E5A1D2ECB8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.4.4:*:*:*:*:*:*:*","matchCriteriaId":"9E8DB124-C085-4C82-9B0C-9B50180FE1D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.4.5:*:*:*:*:*:*:*","matchCriteriaId":"4B638025-55AF-4E10-8689-1934F393EACD"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.4.6:*:*:*:*:*:*:*","matchCriteriaId":"F7C753D4-1973-4A6B-BDCF-859A265E2693"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.4.7:*:*:*:*:*:*:*","matchCriteriaId":"6F8D5C9E-97DD-43BE-BEF3-389EF3A26684"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.4.8:*:*:*:*:*:*:*","matchCriteriaId":"1F875658-9A48-4E5B-9B02-8481A0F6DA98"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.4.9:*:*:*:*:*:*:*","matchCriteriaId":"B73B2B38-8C74-47B7-93FF-5C165776A9B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.4.10:*:*:*:*:*:*:*","matchCriteriaId":"9E021CE8-FCA0-48F5-B8A1-B0B1F2F82A12"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.4.11:*:*:*:*:*:*:*","matchCriteriaId":"77E1780C-E158-494F-B13A-283CA1AEDEC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.4.12:*:*:*:*:*:*:*","matchCriteriaId":"C3873854-6D94-4864-8334-1546D9222638"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.4.13:*:*:*:*:*:*:*","matchCriteriaId":"FF70745E-F60D-4187-B88F-42F85A910AC4"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.5.0:*:*:*:*:*:*:*","matchCriteriaId":"AC33AF32-C64D-49EE-82FA-DB8F84581DD8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.6.0:*:*:*:*:*:*:*","matchCriteriaId":"A25ED87A-E450-453E-A9A9-F11C36665BA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.6.1:*:*:*:*:*:*:*","matchCriteriaId":"C0BB8A73-CA7E-482E-B30C-E6E40DC2D864"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.7.0:*:*:*:*:*:*:*","matchCriteriaId":"79B6C617-FED1-4303-A38A-6FD791DA059C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:recurly:recurly_client_.net:1.8.0:*:*:*:*:*:*:*","matchCriteriaId":"97CE0391-24BA-4AAF-B600-2B153D95F272"}]}]}],"references":[{"url":"https://dev.recurly.com/page/net-updates","source":"support@hackerone.com","tags":["Vendor Advisory"]},{"url":"https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1","source":"support@hackerone.com","tags":["Patch","Third Party Advisory"]},{"url":"https://hackerone.com/reports/288635","source":"support@hackerone.com","tags":["Permissions Required"]},{"url":"https://dev.recurly.com/page/net-updates","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://hackerone.com/reports/288635","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]}]}}]}