Описание
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
Impact
Lack of input validation of the Zendesk subdomain could expose users of the library to Server Side Request Forgery (SSRF).
Resolution
Validate the provided Zendesk subdomain to be a valid subdomain in:
- getAuthUrl
- getAccessToken
Пакеты
Наименование
zendesk/zendesk_api_client_php
composer
Затронутые версииВерсия исправления
< 2.2.11
2.2.11
CVE ID
Дефекты
CWE-20
CWE-918
Связанные уязвимости
CVE ID
Дефекты
CWE-20
CWE-918