Critical severity 9.8 · NVD Advisory · Published Nov 13, 2017 · Updated Jun 17, 2026
CVE-2017-0906
Description
The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| recurly (PyPI) | >= 2.6.0, < 2.6.2 | 2.6.2 |
| recurly (PyPI) | >= 2.5.0, < 2.5.1 | 2.5.1 |
| recurly (PyPI) | >= 2.4.0, < 2.4.5 | 2.4.5 |
| recurly (PyPI) | >= 2.3.0, < 2.3.1 | 2.3.1 |
| recurly (PyPI) | >= 2.2.0, < 2.2.22 | 2.2.22 |
| recurly (PyPI) | >= 2.1.0, < 2.1.16 | 2.1.16 |
| recurly (PyPI) | < 2.0.5 | 2.0.5 |
Affected products
- cpe:2.3:a:recurly:recurly_client_python:*:*:*:*:*:*:*:* range: >=2.0.0,<=2.0.4
- cpe:2.3:a:recurly:recurly_client_python:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_python:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_python:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_python:2.6.1:*:*:*:*:*:*:*
- Recurly/recurly python module · v5 · Range: Versions before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2
References
- github.com/recurly/recurly-client-python/commit/049c74699ce93cf126feff06d632ea63fba36742 · nvd · Patch, Third Party Advisory · WEB
- dev.recurly.com/page/python-updates · nvd · Vendor Advisory · WEB
- github.com/advisories/GHSA-38rv-5jqc-m2cv · ghsa · ADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-0906 · ghsa · ADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/recurly/PYSEC-2017-68.yaml · ghsa · WEB
- hackerone.com/reports/288635 · nvd · Permissions Required · WEB