kyleboe / zoom_rb

Ruby REST API Wrapper for zoom.us API
https://developers.zoom.us/docs/api/
MIT License
83 stars 104 forks

Is zoom_rb affected by recent CVEs? #434

Closed rwoliver2 closed 2 years ago

rwoliver2 commented 2 years ago

There are quite a few CVEs lately against the Zoom client itself, and although the recent bulletin (https://explore.zoom.us/en/trust/security/security-bulletin/) stated that the web SDK was unaffected, I wanted to see if there are any known security issues with any of the earlier versions of this gem?

kyleboe commented 2 years ago

Hi @rwoliver2,

I appreciate the concern, but thankfully the lack of web SDK vulnerabilities applies to this project as well. This project is strictly a Ruby wrapper around the Zoom API. The platform-specific, native (Windows, Linux, macOS, etc.) client SDK is where the announced vulnerabilities reside, and this project (past and present) has zero overlap with those native libraries.

To further clarify, we are using JWT (JWT spec) and/or OAuth2 (OAuth2 spec) for authentication/authorization, so there are unlikely to be any issues with those battle-tested standards.

Thanks for the concern though :+1: