Headline
CVE-2022-38298: fix: Adding a check for invalid hosts on redirects as well by mohanarpit · Pull Request #15782 · appsmithorg/appsmith
Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Pick a username
Email Address
Password
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account