Critical severity · GHSA Advisory · Published Apr 29, 2021 · Updated Apr 28, 2021
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
CVE-2021-30492
Description
Impact
Lack of input validation of the Zendesk subdomain could expose users of the library to Server Side Request Forgery (SSRF).
Resolution
Validate the provided Zendesk subdomain to be a valid subdomain in:
* getAuthUrl
* getAccessToken
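One way to apply the validation described above, as an added example that is not the library's own patch: the function names `isValidSubdomain` and `buildAuthUrl`, the URL layout, and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not code from zendesk_api_client_php.
 * Accept only a single DNS label: 1-63 characters, letters, digits and
 * hyphens, with no leading or trailing hyphen. Dots, slashes, '@', '#',
 * '?', whitespace and control characters are rejected because any of
 * them could change which host the final URL points at.
 */
function isValidSubdomain(mixed $subdomain): bool
{
    // \A and \z anchor the whole string; '$' alone would allow a trailing newline.
    return is_string($subdomain)
        && preg_match('/\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/i', $subdomain) === 1;
}

/** Hypothetical helper: builds the authorization URL only for a valid subdomain. */
function buildAuthUrl(string $subdomain, array $query): string
{
    if (!isValidSubdomain($subdomain)) {
        throw new InvalidArgumentException('Invalid Zendesk subdomain');
    }
    // URL layout assumed for this example.
    $url = 'https://' . $subdomain . '.zendesk.com/oauth/authorizations/new?'
         . http_build_query($query);

    // Defense in depth: the parsed host must be exactly the one intended.
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host) || strcasecmp($host, $subdomain . '.zendesk.com') !== 0) {
        throw new RuntimeException('Unexpected host in generated URL');
    }
    return $url;
}

// Constructed sample inputs: the first two are well-formed, the rest must be rejected.
$samples = ['acme', 'acme-support', 'a.example.org/', 'host#', '-acme', "acme\n", ''];
foreach ($samples as $s) {
    try {
        buildAuthUrl($s, ['response_type' => 'code', 'client_id' => 'demo']);
        printf("%-20s accepted\n", json_encode($s));
    } catch (InvalidArgumentException $e) {
        printf("%-20s rejected\n", json_encode($s));
    }
}
```

The same check belongs in front of every place the subdomain is interpolated into a request URL, which the advisory lists as `getAuthUrl` and `getAccessToken`.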
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| zendesk/zendesk_api_client_php (Packagist) | < 2.2.11 | 2.2.11 |
Affected products
- Range: < 2.2.11