CVE-2018-3777

Summary

Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests.

Affected Software

VendorProductVersion RangeStatus
https://github.com/restforcerestforce ruby gem3.0.0affected

Weaknesses

  • CWE-20: Improper Input Validation (CWE-20)

ADP Enrichment

CVE Program Container

Additional References

References