Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-Q348-F93X-9GX4
HistoryApr 29, 2021 - 9:53 p.m.

Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain

2021-04-2921:53:06
Google
osv.dev
12
zendesk
input validation
subdomain
library
ssrf
JSON

Impact

Lack of input validation of the Zendesk subdomain could expose users of the library to Server Side Request Forgery (SSRF).

Resolution

Validate the provided Zendesk subdomain to be a valid subdomain in:

  • getAuthUrl
  • getAccessToken

Related

cve 1
veracode 1
github 1
cve
cve
CVE-2021-30492
2022-02-25 08:28:30
veracode
veracode
Server Side Request Forgery (SSRF)
2021-04-30 06:35:31
github
github
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
2021-04-29 21:53:06
JSON
Related for OSV:GHSA-Q348-F93X-9GX4
cve1veracode1github1