GHSA-89v5-38xr-9m4j: Postiz has Multiple SSRF Vectors - Webhooks, RSS Feed, URL Loader
Postiz has multiple SSRF vulnerabilities where user-provided URLs are fetched server-side without any IP validation or SSRF protection.
References
- github.com/advisories/GHSA-89v5-38xr-9m4j
- github.com/gitroomhq/postiz-app
- github.com/gitroomhq/postiz-app/commit/0ad89ccd26b1c387c4f3f3544b18c20d33586466
- github.com/gitroomhq/postiz-app/commit/be5d871896e97cb1f5a2c9241f156b6a1e1debe8
- github.com/gitroomhq/postiz-app/releases/tag/v2.21.2
- github.com/gitroomhq/postiz-app/security/advisories/GHSA-89v5-38xr-9m4j
Code Behaviors & Features
Detect and mitigate GHSA-89v5-38xr-9m4j with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →