Skip to content

Add Input Validation for Zendesk Subdomain
Compare
Choose a tag to compare
@thekindofme thekindofme released this 28 Apr 22:01
· 138 commits to master since this release
v2.2.11
b451b74
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Lack of input validation of the Zendesk subdomain could expose users of the library to Server Side Request Forgery (SSRF).

Validate the provided Zendesk subdomain to be a valid subdomain in:

  • getAuthUrl
  • getAccessToken

References

Assets 2
Loading