#SSRF

0 posts0 participants0 posts today

The New OilHackers target <a href="https://mastodon.thenewoil.org/tags/SSRF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SSRF</a> bugs in <a href="https://mastodon.thenewoil.org/tags/EC2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EC2</a>-hosted sites to steal <a href="https://mastodon.thenewoil.org/tags/AWS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AWS</a> credentials<a href="https://www.bleepingcomputer.com/news/security/hackers-target-ssrf-bugs-in-ec2-hosted-sites-to-steal-aws-credentials/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/hackers-target-ssrf-bugs-in-ec2-hosted-sites-to-steal-aws-credentials/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

Fedify: an ActivityPub server frameworkFedifyのWebFinger実装における脆弱性<a href="https://github.com/dahlia/fedify/security/advisories/GHSA-c59p-wq67-24wx" rel="nofollow noopener noreferrer" target="_blank">CVE-2025-23221</a>に対するセキュリティアップデート（<a href="https://github.com/dahlia/fedify/releases/tag/1.0.14" rel="nofollow noopener noreferrer" target="_blank">1.0.14</a>、<a href="https://github.com/dahlia/fedify/releases/tag/1.1.11" rel="nofollow noopener noreferrer" target="_blank">1.1.11</a>、<a href="https://github.com/dahlia/fedify/releases/tag/1.2.11" rel="nofollow noopener noreferrer" target="_blank">1.2.11</a>、<a href="https://github.com/dahlia/fedify/releases/tag/1.3.4" rel="nofollow noopener noreferrer" target="_blank">1.3.4</a>）をリリースいたしました。すべてのユーザー様におかれましては、お使いのバージョンに応じた最新版への速やかなアップデートを推奨いたします。 脆弱性の詳細 セキュリティ研究者により、Fedifyの<code>lookupWebFinger()</code>関数において以下のセキュリティ上の問題が発見されました： <ul> <li>無限リダイレクトループによるサービス拒否攻撃（DoS）の可能性</li> <li>プライベートネットワークアドレスへのリダイレクトを利用したSSRF（サーバーサイドリクエストフォージェリ）攻撃の可能性</li> <li>リダイレクト操作による意図しないURLスキームへのアクセスの可能性</li> </ul> 修正されたバージョン <ul> <li>1.3.xシリーズ：<a href="https://github.com/dahlia/fedify/releases/tag/1.3.4" rel="nofollow noopener noreferrer" target="_blank">1.3.4</a>へアップデート</li> <li>1.2.xシリーズ：<a href="https://github.com/dahlia/fedify/releases/tag/1.2.11" rel="nofollow noopener noreferrer" target="_blank">1.2.11</a>へアップデート</li> <li>1.1.xシリーズ：<a href="https://github.com/dahlia/fedify/releases/tag/1.1.11" rel="nofollow noopener noreferrer" target="_blank">1.1.11</a>へアップデート</li> <li>1.0.xシリーズ：<a href="https://github.com/dahlia/fedify/releases/tag/1.0.14" rel="nofollow noopener noreferrer" target="_blank">1.0.14</a>へアップデート</li> </ul> 変更内容 本セキュリティアップデートでは、以下の修正が実施されました： <ol> <li>無限リダイレクトループを防ぐため、最大リダイレクト回数（5回）の制限を導入</li> <li>元のリクエストと同じスキーム（HTTP/HTTPS）のみにリダイレクトを制限</li> <li>SSRFを防止するため、プライベートネットワークアドレスへのリダイレクトをブロック</li> </ol> アップデート方法 以下のコマンドで最新のセキュアバージョンにアップデートできます： <pre><code># npmユーザーの場合 npm update @fedify/fedify # Denoユーザーの場合 deno add jsr:@fedify/fedify </code></pre> この脆弱性を責任を持って報告していただいたセキュリティ研究者の方に感謝申し上げます。迅速な対応が可能となりました。 本脆弱性の詳細については、<a href="https://github.com/dahlia/fedify/security/advisories/GHSA-c59p-wq67-24wx" rel="nofollow noopener noreferrer" target="_blank">セキュリティ勧告</a>をご参照ください。 ご質問やご懸念がございましたら、<a href="https://github.com/dahlia/fedify/discussions" rel="nofollow noopener noreferrer" target="_blank">GitHub Discussions</a>、<a href="https://matrix.to/#/#fedify:matrix.org" rel="nofollow noopener noreferrer" target="_blank">Matrixチャットスペース</a>、または<a href="https://discord.gg/bhtwpzURwd" rel="nofollow noopener noreferrer" target="_blank">Discordサーバー</a>までお気軽にご連絡ください。 <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/Fedify" target="_blank">#Fedify</a> <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/WebFinger" target="_blank">#WebFinger</a> <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3" target="_blank">#セキュリティ</a> <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/%E8%84%86%E5%BC%B1%E6%80%A7" target="_blank">#脆弱性</a> <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/DoS" target="_blank">#DoS</a> <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/SSRF" target="_blank">#SSRF</a>

Fedify: an ActivityPub server framework<a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/Fedify" target="_blank">#Fedify</a> 프레임워크의 <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/WebFinger" target="_blank">#WebFinger</a> 구현에서 발견된 보안 취약점 <a href="https://github.com/dahlia/fedify/security/advisories/GHSA-c59p-wq67-24wx" rel="nofollow noopener noreferrer" target="_blank">CVE-2025-23221</a>을 해결하기 위한 보안 업데이트(<a href="https://github.com/dahlia/fedify/releases/tag/1.0.14" rel="nofollow noopener noreferrer" target="_blank">1.0.14</a>, <a href="https://github.com/dahlia/fedify/releases/tag/1.1.11" rel="nofollow noopener noreferrer" target="_blank">1.1.11</a>, <a href="https://github.com/dahlia/fedify/releases/tag/1.2.11" rel="nofollow noopener noreferrer" target="_blank">1.2.11</a>, <a href="https://github.com/dahlia/fedify/releases/tag/1.3.4" rel="nofollow noopener noreferrer" target="_blank">1.3.4</a>)를 배포했습니다. 모든 사용자께서는 각자 사용 중인 버전에 해당하는 최신 버전으로 즉시 업데이트하시기를 권장합니다. 취약점 내용 보안 연구자가 Fedify의 <code>lookupWebFinger()</code> 함수에서 다음과 같은 보안 문제점들을 발견했습니다: <ul> <li>무한 리다이렉트 루프를 통한 서비스 거부 공격 가능</li> <li>내부 네트워크 주소로의 리다이렉트를 통한 SSRF (서버측 요청 위조) 공격 가능</li> <li>리다이렉트 조작을 통한 의도하지 않은 URL 스킴 접근 가능</li> </ul> 수정된 버전 <ul> <li>1.3.x 시리즈: <a href="https://github.com/dahlia/fedify/releases/tag/1.3.4" rel="nofollow noopener noreferrer" target="_blank">1.3.4</a>로 업데이트</li> <li>1.2.x 시리즈: <a href="https://github.com/dahlia/fedify/releases/tag/1.2.11" rel="nofollow noopener noreferrer" target="_blank">1.2.11</a>로 업데이트</li> <li>1.1.x 시리즈: <a href="https://github.com/dahlia/fedify/releases/tag/1.1.11" rel="nofollow noopener noreferrer" target="_blank">1.1.11</a>로 업데이트</li> <li>1.0.x 시리즈: <a href="https://github.com/dahlia/fedify/releases/tag/1.0.14" rel="nofollow noopener noreferrer" target="_blank">1.0.14</a>로 업데이트</li> </ul> 변경 사항 이번 보안 업데이트에는 다음과 같은 수정 사항이 포함되어 있습니다: <ol> <li>무한 리다이렉트 루프를 방지하기 위해 최대 리다이렉트 횟수 제한(5회) 도입</li> <li>원래 요청과 동일한 스킴(HTTP/HTTPS)으로만 리다이렉트 허용하도록 제한</li> <li>SSRF 공격 방지를 위해 내부 네트워크 주소로의 리다이렉트 차단</li> </ol> 업데이트 방법 다음 명령어로 최신 보안 버전으로 업데이트하실 수 있습니다: <pre><code># npm 사용자의 경우 npm update @fedify/fedify # Deno 사용자의 경우 deno add jsr:@fedify/fedify </code></pre> 이 취약점을 책임감 있게 보고해 주신 보안 연구자께 감사드립니다. 덕분에 신속하게 문제를 해결할 수 있었습니다. 이 취약점에 대한 자세한 내용은 <a href="https://github.com/dahlia/fedify/security/advisories/GHSA-c59p-wq67-24wx" rel="nofollow noopener noreferrer" target="_blank">보안 권고문</a>을 참고해 주시기 바랍니다. 문의 사항이나 우려 사항이 있으시다면 <a href="https://github.com/dahlia/fedify/discussions" rel="nofollow noopener noreferrer" target="_blank">GitHub Discussions</a>나 <a href="https://matrix.to/#/#fedify:matrix.org" rel="nofollow noopener noreferrer" target="_blank">Matrix 채팅방</a>, 또는 <a href="https://discord.gg/bhtwpzURwd" rel="nofollow noopener noreferrer" target="_blank">Discord 서버</a>를 통해 언제든 연락해 주시기 바랍니다. <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/%EB%B3%B4%EC%95%88" target="_blank">#보안</a> <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/%EB%B3%B4%EC%95%88%ED%8C%A8%EC%B9%98" target="_blank">#보안패치</a> <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/%EC%B7%A8%EC%95%BD%EC%A0%90" target="_blank">#취약점</a> <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/SSRF" target="_blank">#SSRF</a>

Fedify: an ActivityPub server frameworkWe have released <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/security" target="_blank">#security</a> updates (<a href="https://github.com/dahlia/fedify/releases/tag/1.0.14" rel="nofollow noopener noreferrer" target="_blank">1.0.14</a>, <a href="https://github.com/dahlia/fedify/releases/tag/1.1.11" rel="nofollow noopener noreferrer" target="_blank">1.1.11</a>, <a href="https://github.com/dahlia/fedify/releases/tag/1.2.11" rel="nofollow noopener noreferrer" target="_blank">1.2.11</a>, <a href="https://github.com/dahlia/fedify/releases/tag/1.3.4" rel="nofollow noopener noreferrer" target="_blank">1.3.4</a>) to address <a href="https://github.com/dahlia/fedify/security/advisories/GHSA-c59p-wq67-24wx" rel="nofollow noopener noreferrer" target="_blank">CVE-2025-23221</a>, a <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/vulnerability" target="_blank">#vulnerability</a> in <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/Fedify" target="_blank">#Fedify</a>'s <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/WebFinger" target="_blank">#WebFinger</a> implementation. We recommend all users update to the latest version of their respective release series immediately. The Vulnerability A security researcher identified multiple security issues in Fedify's <code>lookupWebFinger()</code> function that could be exploited to: <ul> <li>Perform denial of service attacks through infinite redirect loops</li> <li>Execute server-side request forgery (<a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/SSRF" target="_blank">#SSRF</a>) attacks via redirects to private network addresses</li> <li>Access unintended URL schemes through redirect manipulation</li> </ul> Fixed Versions <ul> <li>1.3.x series: Update to <a href="https://github.com/dahlia/fedify/releases/tag/1.3.4" rel="nofollow noopener noreferrer" target="_blank">1.3.4</a></li> <li>1.2.x series: Update to <a href="https://github.com/dahlia/fedify/releases/tag/1.2.11" rel="nofollow noopener noreferrer" target="_blank">1.2.11</a></li> <li>1.1.x series: Update to <a href="https://github.com/dahlia/fedify/releases/tag/1.1.11" rel="nofollow noopener noreferrer" target="_blank">1.1.11</a></li> <li>1.0.x series: Update to <a href="https://github.com/dahlia/fedify/releases/tag/1.0.14" rel="nofollow noopener noreferrer" target="_blank">1.0.14</a></li> </ul> Changes The security updates implement the following fixes: <ol> <li>Added a maximum redirect limit (5) to prevent infinite redirect loops</li> <li>Restricted redirects to only follow the same scheme as the original request (HTTP/HTTPS)</li> <li>Blocked redirects to private network addresses to prevent SSRF attacks</li> </ol> How to Update To update to the latest secure version: <pre><code># For npm users npm update @fedify/fedify # For Deno users deno add jsr:@fedify/fedify </code></pre> We thank the security researcher who responsibly disclosed this vulnerability, allowing us to address these issues promptly. For more details about this vulnerability, please refer to our <a href="https://github.com/dahlia/fedify/security/advisories/GHSA-c59p-wq67-24wx" rel="nofollow noopener noreferrer" target="_blank">security advisory</a>. If you have any questions or concerns, please don't hesitate to reach out through our <a href="https://github.com/dahlia/fedify/discussions" rel="nofollow noopener noreferrer" target="_blank">GitHub Discussions</a>, join our <a href="https://matrix.to/#/#fedify:matrix.org" rel="nofollow noopener noreferrer" target="_blank">Matrix chat space</a>, or our <a href="https://discord.gg/bhtwpzURwd" rel="nofollow noopener noreferrer" target="_blank">Discord server</a>.

MalteAnd the recording is now available! <a href="https://media.ccc.de/v/god2024-56281-ssrf-attacks-defense-and-s" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://media.ccc.de/v/god2024-56281-ssrf-attacks-defense-and-s</a><a href="https://chaos.social/tags/ssrf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ssrf</a> <a href="https://chaos.social/tags/god" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#god</a> <a href="https://chaos.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a>

MalteI'll give a talk on Wednesday at the Germany OWASP Day, <a href="https://chaos.social/tags/GOD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GOD</a>, about <a href="https://chaos.social/tags/SSRF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SSRF</a> and our research results!<a href="https://god.owasp.de/2024/#programm" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://god.owasp.de/2024/#programm</a>

FediTestTo all you <a href="https://mastodon.social/tags/developers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#developers</a> implementing <a href="https://mastodon.social/tags/SSRF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SSRF</a> protections in your <a href="https://mastodon.social/tags/fediverse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fediverse</a> applications...We are all in favor of those protections. But!Have a setting that lets projects like <a href="https://mastodon.social/tags/FediTest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FediTest</a> override it. Otherwise how can anybody test interop on anything other than on the public internet?Mastodon has a ALLOWED_PRIVATE_ADDRESSES setting, which is one way of doing it. Or just have a setting with a default value of what's disabled, and let people override it. Or whatever.But we need something ...

Tarnkappe.info📬 Microsoft Copilot Studio: Datenleck durch SSRF-Schwachstelle möglich <a href="https://social.tchncs.de/tags/Datenschutz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Datenschutz</a> <a href="https://social.tchncs.de/tags/ITSicherheit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ITSicherheit</a> <a href="https://social.tchncs.de/tags/CopilotStudio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CopilotStudio</a> <a href="https://social.tchncs.de/tags/CVE202438206" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE202438206</a> <a href="https://social.tchncs.de/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> <a href="https://social.tchncs.de/tags/Sicherheitsl%C3%BCcke" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Sicherheitslücke</a> <a href="https://social.tchncs.de/tags/SSRF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SSRF</a> <a href="https://social.tchncs.de/tags/SSRFSchwachstelle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SSRFSchwachstelle</a> <a href="https://sc.tarnkappe.info/8a01bf" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://sc.tarnkappe.info/8a01bf</a>

PrivacyDigest<a href="https://mas.to/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> <a href="https://mas.to/tags/Copilot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Copilot</a> Studio <a href="https://mas.to/tags/Exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Exploit</a> Leaks Sensitive Cloud Data A server-side request forgery ( <a href="https://mas.to/tags/SSRF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SSRF</a> ) bug in Microsoft's tool for creating custom <a href="https://mas.to/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> <a href="https://mas.to/tags/chatbots" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#chatbots</a> potentially exposed info across multiple tenants within cloud environments <a href="https://mas.to/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a><a href="https://www.darkreading.com/remote-workforce/microsoft-copilot-studio-exploit-leaks-sensitive-cloud-data" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.darkreading.com/remote-workforce/microsoft-copilot-studio-exploit-leaks-sensitive-cloud-data</a>

Fedify: an ActivityPub server frameworkWe released <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/Fedify" target="_blank">#Fedify</a> <a href="https://github.com/dahlia/fedify/releases/tag/0.9.2" rel="nofollow noopener noreferrer" target="_blank">0.9.2</a>, <a href="https://github.com/dahlia/fedify/releases/tag/0.10.1" rel="nofollow noopener noreferrer" target="_blank">0.10.1</a>, and <a href="https://github.com/dahlia/fedify/releases/tag/0.11.1" rel="nofollow noopener noreferrer" target="_blank">0.11.1</a>, which patched the last reported <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/vulnerability" target="_blank">#vulnerability</a>, <a href="https://github.com/dahlia/fedify/security/advisories/GHSA-p9cg-vqcc-grcx" rel="nofollow noopener noreferrer" target="_blank">CVE-2024-39687</a>, but the vulnerability of <a href="https://owasp.org/www-community/attacks/Server_Side_Request_Forgery" rel="nofollow noopener noreferrer" target="_blank">SSRF</a> attacks via DNS rebinding still exists, so we released Fedify <a href="https://github.com/dahlia/fedify/releases/tag/0.9.3" rel="nofollow noopener noreferrer" target="_blank">0.9.3</a>, <a href="https://github.com/dahlia/fedify/releases/tag/0.10.2" rel="nofollow noopener noreferrer" target="_blank">0.10.2</a>, and <a href="https://github.com/dahlia/fedify/releases/tag/0.11.2" rel="nofollow noopener noreferrer" target="_blank">0.11.2</a>, which fixes it. If you are using an earlier version, please update as soon as possible. Thanks to <a translate="no" class="h-card u-url mention" href="https://catcatnya.com/@benaryorg" rel="nofollow noopener noreferrer" target="_blank">@benaryorg</a> for reporting the vulnerability! <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/SSRF" target="_blank">#SSRF</a> <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/security" target="_blank">#security</a> <a class="mention hashtag" rel="nofollow noopener noreferrer" href="https://hollo.social/tags/fedidev" target="_blank">#fedidev</a>

BillAlright folks. I'm seeing something I have never seen before. It's a SSRF attack that adds app?UniX: to a web server GET request, and then passes in various things with an eventual payload. Makes a big, long URL.The big long URL, the eventual payload, no problem. I get that, seen it before. My issue is the unix: like a protocol tag. Has anyone ever seen that? And do you know how hard it is to search for something with a colon at the end on today's web? Anyway.<a href="https://infosec.exchange/tags/webdev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#webdev</a> <a href="https://infosec.exchange/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linux</a> <a href="https://infosec.exchange/tags/unix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#unix</a> <a href="https://infosec.exchange/tags/windowsserver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#windowsserver</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/ssrf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ssrf</a>

Olivier ForgetQuestion for <a href="https://social.tchncs.de/tags/selfhost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#selfhost</a> <a href="https://social.tchncs.de/tags/homelab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#homelab</a> <a href="https://social.tchncs.de/tags/server" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#server</a> folks: how do you handle the threat of <a href="https://social.tchncs.de/tags/SSRF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SSRF</a> attacks meant to probe your internal network?SSRF is usually mitigated by preventing any requests to an IP that is not publicly accessible [1]But in a home / self hosted env, you probably want to allow your local services to talk to each-other. If you run an app that makes requests to arbitrary addresses (think fedi server!) you may now be exposed? [1] <a href="https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html#case-2-application-can-send-requests-to-any-external-ip-address-or-domain-name" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html#case-2-application-can-send-requests-to-any-external-ip-address-or-domain-name</a>

Recent searches

Search options

Administered by:

Server stats: