Critical severity9.8NVD Advisory· Published Nov 13, 2017· Updated Jun 17, 2026
CVE-2017-0907
CVE-2017-0907
Description
The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
recurly-api-clientNuGet | < 1.0.1 | 1.0.1 |
recurly-api-clientNuGet | >= 1.1.0, < 1.1.10 | 1.1.10 |
recurly-api-clientNuGet | >= 1.2.0, < 1.2.8 | 1.2.8 |
recurly-api-clientNuGet | >= 1.3.0, < 1.3.2 | 1.3.2 |
recurly-api-clientNuGet | >= 1.4.0, < 1.4.14 | 1.4.14 |
recurly-api-clientNuGet | >= 1.5.0, < 1.5.3 | 1.5.3 |
recurly-api-clientNuGet | >= 1.6.0, < 1.6.2 | 1.6.2 |
recurly-api-clientNuGet | >= 1.7.0, < 1.7.1 | 1.7.1 |
recurly-api-clientNuGet | >= 1.8.0, < 1.8.1 | 1.8.1 |
Affected products
46cpe:2.3:a:recurly:recurly_client_.net:1.0.0:*:*:*:*:*:*:*+ 44 more
- cpe:2.3:a:recurly:recurly_client_.net:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:recurly:recurly_client_.net:1.8.0:*:*:*:*:*:*:*
- (no CPE)range: Versions before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1
Patches
Vulnerability mechanics
References
5- github.com/recurly/recurly-client-net/commit/9eef460c0084afd5c24d66220c8b7a381cf9a1f1nvdPatchThird Party AdvisoryWEB
- dev.recurly.com/page/net-updatesnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-xpwp-rq3x-x6v7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-0907ghsaADVISORY
- hackerone.com/reports/288635nvdPermissions RequiredWEB
News mentions
0No linked articles in our index yet.