HackerOne disclosed on HackerOne: Server Side Request Forgery...
We recently received a critical server-side request forgery (SSRF) vulnerability report through our bug bounty program. The issue allowed attackers to make internal requests from our application servers by exploiting a lack of output sanitization in an error message. By crafting malicious requests,…
hackerone.com