Server-Side Request Forgery vulnerability

The /auth/uploadByUrl endpoint allows a URL to be submitted for the server to access. An attacker can exploit this to send requests to the server, and a Server-Side Request Forgery (SSRF) vulnerability allows the attacker to manipulate the server into making requests, potentially leading to access to internal systems and leakage of sensitive information.

**Remediation Suggestions:** If the functionality is not essential, it is recommended to remove it, or define a whitelist that users can specify, or filter out internal addresses

![image](https://github.com/user-attachments/assets/b18628d7-9981-4956-ac37-3256c3bf7172)
![image](https://github.com/user-attachments/assets/e54cc433-1295-4169-9d8c-a87b771e9bb8)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Server-Side Request Forgery vulnerability #31

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Server-Side Request Forgery vulnerability #31

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions