We found results for “”
CVE-2021-30492
Good to know:
Date: April 13, 2021
Lack of input validation of the Zendesk subdomain could expose users of the library to Server Side Request Forgery (SSRF). The resolution is to validate the provided Zendesk subdomain to be a valid subdomain in: getAuthUrl getAccessToken Fixed in v2.2.11
Language: PHP
Severity Score
Severity Score
Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |