Critical severity · GHSA Advisory · Published Apr 29, 2021 · Updated Apr 28, 2021

Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain

CVE-2021-30492

Description

Impact

Lack of input validation of the Zendesk subdomain could expose users of the library to Server Side Request Forgery (SSRF).

Resolution

Validate the provided Zendesk subdomain to be a valid subdomain in:
* getAuthUrl
* getAccessToken
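
One way to implement the validation described above, as an added example that is not code from zendesk_api_client_php. The function names and the `/oauth/tokens` path are assumptions, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not the library's code): accept only a single DNS label.
function assertValidZendeskSubdomain(string $subdomain): string
{
    // One label: 1-63 chars, letters/digits/hyphens, no leading or trailing hyphen.
    // \A and \z anchor the whole string, so a trailing newline cannot slip past
    // the way it can with ^ and $.
    if (preg_match('/\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/i', $subdomain) !== 1) {
        throw new InvalidArgumentException('Invalid Zendesk subdomain');
    }
    return strtolower($subdomain);
}

// Hypothetical stand-in for the URL construction inside getAuthUrl / getAccessToken.
function buildTokenUrl(string $subdomain): string
{
    $label = assertValidZendeskSubdomain($subdomain);
    $url = "https://{$label}.zendesk.com/oauth/tokens"; // path is an assumption

    // Defence in depth: the parsed host must be exactly the host we intended,
    // so the request can only go to <label>.zendesk.com.
    $host = parse_url($url, PHP_URL_HOST);
    if ($host !== "{$label}.zendesk.com") {
        throw new UnexpectedValueException('Host mismatch after URL construction');
    }
    return $url;
}

// Constructed sample inputs: two valid labels, then values containing URL
// metacharacters, dots, control characters or bad hyphen placement.
$samples = ['acme', 'my-company', 'internal.example/', 'a.b', 'x#', "acme\n", '-bad', ''];
foreach ($samples as $s) {
    $shown = json_encode($s, JSON_UNESCAPED_SLASHES);
    try {
        printf("%-22s => %s\n", $shown, buildTokenUrl($s));
    } catch (InvalidArgumentException $e) {
        printf("%-22s => rejected\n", $shown);
    }
}
```

Only the first two samples produce a URL; every other value is rejected before any request URL is built.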

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| zendesk/zendesk_api_client_php (Packagist) | < 2.2.11 | 2.2.11 |
