/applications/dpc_(get|post) provide full access to api.steampowered.com with the Dota2 API key
High
V
Valve
Submitted None
Team Summary
Official summary from Valve
Insufficient validation of parameters enabled using path traversal to call arbitrary API methods using an API key that had elevated privileges for Dota2.
Actions:
Reported by
lolcanyouexplainagainpleaselol
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Server-Side Request Forgery (SSRF)