VYPR
Critical severity9.8NVD Advisory· Published Nov 13, 2017· Updated Jun 17, 2026

CVE-2017-0906

CVE-2017-0906

Description

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
recurlyPyPI
>= 2.6.0, < 2.6.22.6.2
recurlyPyPI
>= 2.5.0, < 2.5.12.5.1
recurlyPyPI
>= 2.4.0, < 2.4.52.4.5
recurlyPyPI
>= 2.3.0, < 2.3.12.3.1
recurlyPyPI
>= 2.2.0, < 2.2.222.2.22
recurlyPyPI
>= 2.1.0, < 2.1.162.1.16
recurlyPyPI
< 2.0.52.0.5

Affected products

7
  • cpe:2.3:a:recurly:recurly_client_python:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:recurly:recurly_client_python:*:*:*:*:*:*:*:*range: >=2.0.0,<=2.0.4
    • cpe:2.3:a:recurly:recurly_client_python:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:recurly:recurly_client_python:2.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:recurly:recurly_client_python:2.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:recurly:recurly_client_python:2.6.1:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 2.6.0, < 2.6.2
  • Recurly/recurly python modulev5
    Range: Versions before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.