Vulnerabilities tagged "ssrf"

SSRF Cross Protocol Redirect Bypass

When using the `ssrfFilter` library in conjunction with the Request library in JavaScript, there is a bug that can result in the SSRF filter being disabled. The anti-SSRF library, `ssrfFilter`, works by creating its own object that can be used in place of Node's default request agent for http/https requests...

SSRF in Next.js Image Optimizer (Netlify IPX)

A cool look at finding a vulnerability on a statically generated website, due to the presence of an image optimizer running as a serverless function. The Netlify IPX would normally validate image URLs before fetching them to ensure the host is whitelisted (none by default); however, this whitelist is skipped when it believes the URL is a local URL, meaning it does not start with `http`...

SSRF and RCE in Apache Batik due to Improper Parsing of `jar:` URI

A somewhat simple security control bypass in Apache Batik's `DefaultScriptSecurity` and `DefaultExternalResourceSecurity` controls. Because Batik has to be able to load SVG files (and associated resources) from either a local or remote source, it makes for an interesting attack for SSRF and/or RCE...

Got Follows Redirects to Unix Sockets

The title says pretty much all that you need to know: the `got` HTTP request library for Node will follow redirects to a Unix socket. So an attacker who can invoke a request (SSRF) to a server they control could redirect that request back towards a Unix socket on the local machine...