GitHub Advisory Database: GHSA-Q348-F93X-9GX4
Apr 29, 2021 - 9:53 p.m.

Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain

CWE-20
CWE-918

Impact

Lack of input validation of the Zendesk subdomain could expose users of the library to Server-Side Request Forgery (SSRF).

Resolution

Validate that the provided Zendesk subdomain is a valid subdomain in:

  • getAuthUrl
  • getAccessToken
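
One way to implement the validation described above, as an added example that is not the library's own code. It assumes the subdomain is interpolated into a URL of the form https://<subdomain>.zendesk.com and that a valid subdomain is a single DNS label; the function names and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Return the subdomain unchanged if it is a single DNS label, else throw.
 * (Hypothetical helper; the single-label rule is an assumption.)
 */
function assertValidZendeskSubdomain(string $subdomain): string
{
    // 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
    // \A and \z anchor the whole string, so a trailing newline is rejected
    // (a plain $ would accept it).
    $pattern = '/\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/i';
    if (preg_match($pattern, $subdomain) !== 1) {
        throw new InvalidArgumentException('Invalid Zendesk subdomain');
    }
    return $subdomain;
}

/**
 * Build the base URL, then re-parse it and confirm the host is the one intended.
 */
function buildZendeskBaseUrl(string $subdomain): string
{
    $label = strtolower(assertValidZendeskSubdomain($subdomain));
    $url = "https://{$label}.zendesk.com";

    // Defense in depth: the parsed host must equal the expected host exactly.
    if (parse_url($url, PHP_URL_HOST) !== "{$label}.zendesk.com") {
        throw new UnexpectedValueException('Host mismatch after URL construction');
    }
    return $url;
}

// Constructed sample inputs: two well-formed labels, then values containing
// characters that would alter the host or path if interpolated unchecked.
$samples = ['acme', 'Acme-Support', 'example.org/', 'a.b', "acme\n", '-acme', ''];

foreach ($samples as $sample) {
    try {
        printf("%-16s => %s\n", json_encode($sample), buildZendeskBaseUrl($sample));
    } catch (InvalidArgumentException $e) {
        printf("%-16s => rejected\n", json_encode($sample));
    }
}
```

Only the first two samples produce a URL; every other input is rejected before any request URL is built.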

Affected configurations

zendesksamlrRange<2.2.11