Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/recurly@2.4.10
Typegem
Namespace
Namerecurly
Version2.4.10
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.4.11
Latest_non_vulnerable_version2.11.3
Affected_by_vulnerabilities
0
url VCID-7h1b-dewp-p3av
vulnerability_id VCID-7h1b-dewp-p3av
summary 
SSRF vulnerability
If you are using the `#find` method on any of the classes that are derived from the `Resource` class and you are passing user input into that method, a malicious user can force the http client to reach out to a server under their control. This can lead to leakage of your private API key.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-0905
reference_id
reference_type
scores
0
value 0.00519
scoring_system epss
scoring_elements 0.67106
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-0905
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0905
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0905
2
reference_url https://github.com/recurly/recurly-client-ruby
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/recurly/recurly-client-ruby
3
reference_url https://github.com/recurly/recurly-client-ruby/commit/1bb0284d6e668b8b3d31167790ed6db1f6ccc4be
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/recurly/recurly-client-ruby/commit/1bb0284d6e668b8b3d31167790ed6db1f6ccc4be
4
reference_url https://hackerone.com/reports/288635
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/288635
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-0905
reference_id CVE-2017-0905
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-0905
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/recurly/CVE-2017-0905.yml
reference_id CVE-2017-0905.YML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/recurly/CVE-2017-0905.yml
7
reference_url https://github.com/advisories/GHSA-x27v-x225-gq8g
reference_id GHSA-x27v-x225-gq8g
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x27v-x225-gq8g
fixed_packages
0
url pkg:gem/recurly@2.4.11
purl pkg:gem/recurly@2.4.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/recurly@2.4.11
1
url pkg:gem/recurly@2.5.3
purl pkg:gem/recurly@2.5.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/recurly@2.5.3
2
url pkg:gem/recurly@2.5.4
purl pkg:gem/recurly@2.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/recurly@2.5.4
3
url pkg:gem/recurly@2.6.3
purl pkg:gem/recurly@2.6.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/recurly@2.6.3
4
url pkg:gem/recurly@2.7.8
purl pkg:gem/recurly@2.7.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/recurly@2.7.8
5
url pkg:gem/recurly@2.8.2
purl pkg:gem/recurly@2.8.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/recurly@2.8.2
6
url pkg:gem/recurly@2.9.2
purl pkg:gem/recurly@2.9.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/recurly@2.9.2
7
url pkg:gem/recurly@2.10.4
purl pkg:gem/recurly@2.10.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/recurly@2.10.4
8
url pkg:gem/recurly@2.11.2
purl pkg:gem/recurly@2.11.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/recurly@2.11.2
9
url pkg:gem/recurly@2.11.3
purl pkg:gem/recurly@2.11.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/recurly@2.11.3
aliases CVE-2017-0905, GHSA-x27v-x225-gq8g
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7h1b-dewp-p3av
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/recurly@2.4.10