Postiz has Multiple SSRF Vectors - Webhooks, RSS Feed, URL Loader
Postiz has multiple SSRF vulnerabilities where user-provided URLs are fetched server-side without any IP validation or SSRF protection.
A successful SSRF attack allows an attacker to bypass firewalls to scan and interact with internal network services and ports, to access sensitive cloud metadata services (e.g., AWS IMDS 169.254.169.254) and potentially leak instance credentials, and to pivot into the internal network environment where Postiz is hosted.
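One way to add the missing IP validation before a server-side fetch, as an added example that is not Postiz code or the project's fix. The function names (`unmap`, `isBlockedAddress`, `checkDestination`, `resolveAndCheck`) and the blocked range list are assumptions chosen for illustration.

```javascript
// Added example, not Postiz code. The range list is a constructed starting set.
const net = require('node:net');
const dns = require('node:dns').promises;

// Loopback, RFC 1918, CGNAT, link-local (covers 169.254.169.254), unspecified,
// plus the IPv6 loopback, unique-local and link-local ranges.
const blocked = new net.BlockList();
for (const [subnet, bits] of [['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10],
  ['127.0.0.0', 8], ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16]])
  blocked.addSubnet(subnet, bits, 'ipv4');
for (const [subnet, bits] of [['::', 128], ['::1', 128], ['fc00::', 7], ['fe80::', 10]])
  blocked.addSubnet(subnet, bits, 'ipv6');

// Rewrite IPv4-mapped IPv6 (::ffff:7f00:1 or ::ffff:127.0.0.1) to plain IPv4.
function unmap(ip) {
  const m = /^::ffff:(?:([0-9a-f]{1,4}):([0-9a-f]{1,4})|(\d+\.\d+\.\d+\.\d+))$/i.exec(ip);
  if (!m) return ip;
  if (m[3]) return m[3];
  const hi = parseInt(m[1], 16), lo = parseInt(m[2], 16);
  return [hi >> 8, hi & 255, lo >> 8, lo & 255].join('.');
}

function isBlockedAddress(ip) {
  const addr = unmap(ip), family = net.isIP(addr);
  if (family === 0) return true; // not an IP literal: fail closed
  return blocked.check(addr, family === 6 ? 'ipv6' : 'ipv4');
}

// Pure decision: the URL plus the addresses its hostname resolved to.
function checkDestination(rawUrl, resolved) {
  let url;
  try { url = new URL(rawUrl); } catch { return { ok: false, reason: 'unparsable URL' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:')
    return { ok: false, reason: 'scheme not allowed' };
  const host = url.hostname.replace(/^\[|\]$/g, ''); // URL keeps [] around IPv6
  const targets = net.isIP(host) ? [host] : resolved;
  if (targets.length === 0) return { ok: false, reason: 'no addresses' };
  const bad = targets.find(isBlockedAddress);
  return bad ? { ok: false, reason: `blocked address ${bad}` } : { ok: true, addresses: targets };
}

// Resolver wrapper: every A/AAAA answer must pass, not just the first one.
async function resolveAndCheck(rawUrl) {
  let addrs = [];
  try {
    const found = await dns.lookup(new URL(rawUrl).hostname, { all: true });
    addrs = found.map((a) => a.address);
  } catch { /* unparsable URL or DNS failure: checkDestination refuses */ }
  return checkDestination(rawUrl, addrs);
}
```

The fetch has to connect to one of the returned `addresses` rather than resolve the hostname a second time, and every redirect target needs the same check before it is followed.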