Veracode Vulnerability Database: VERACODE:30303
History: Apr 30, 2021 - 6:35 a.m.

Server Side Request Forgery (SSRF)

2021-04-30 06:35:31
sca.analysiscenter.veracode.com
server side request forgery
zendesk subdomain
http requests

zendesk/zendesk_api_client_php is vulnerable to server-side request forgery (SSRF). The functions getAuthUrl and getAccessToken do not validate that the provided Zendesk subdomain is a valid subdomain, allowing an attacker to send arbitrary HTTP requests on behalf of the server.
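
The missing check described above could look like the following; this is an added example, not code from zendesk_api_client_php or from the advisory. The function names `assertValidZendeskSubdomain` and `buildAuthUrl`, the `.zendesk.com` host suffix and the OAuth path are assumptions made for illustration, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not the library's code): accept only a single DNS label.
function assertValidZendeskSubdomain(string $subdomain): string
{
    // One label: 1-63 chars of letters, digits or hyphen, no leading/trailing hyphen.
    // \A and \z (not ^ and $) so a trailing newline cannot slip through.
    if (preg_match('/\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/i', $subdomain) !== 1) {
        throw new InvalidArgumentException('Invalid Zendesk subdomain');
    }
    return strtolower($subdomain);
}

// Hypothetical URL builder; host suffix and path are assumptions for illustration.
function buildAuthUrl(string $subdomain, array $params): string
{
    $label = assertValidZendeskSubdomain($subdomain);
    $url = 'https://' . $label . '.zendesk.com/oauth/authorizations/new?'
         . http_build_query($params);

    // Defence in depth: re-parse the result and confirm the host is the intended one.
    $host = parse_url($url, PHP_URL_HOST);
    if ($host !== $label . '.zendesk.com') {
        throw new RuntimeException('Unexpected host after URL construction');
    }
    return $url;
}

// Constructed sample inputs: the first two are well-formed labels; the rest
// contain characters that would alter the request host if interpolated unchecked.
$samples = ['acme', 'acme-support', 'example.org/', 'example.org#',
            'user@example.org', "acme\n", ''];
foreach ($samples as $s) {
    try {
        echo json_encode($s), ' -> ',
             buildAuthUrl($s, ['response_type' => 'code']), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo json_encode($s), ' -> rejected', PHP_EOL;
    }
}
```

The same validation has to run before any code path that derives a request host from the subdomain, which on this page means both the authorization URL and the token request.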
