CVE-2021-39195, GHSA-mqv7-gxh4-r5vf
npm/misskey-reversi
Server-Side Request Forgery (SSRF)
Misskey is an open source, decentralized microblogging platform. However, if you are using a proxy, you will need to take additional measures. As a workaround this exploit may be avoided by appropriately restricting access to private networks from the host where the application is running.
All versions before 12.90.0
Unfortunately, there is no solution available yet.
2021-09-16
source |