Encoding Error

CVE-2018-3777

High

9.8/10

Summary

Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-172 - Encoding Error

The software does not properly encode or decode the data, resulting in unexpected values.

References

Advisory Timeline

Published Aug 03, 2018