Server-Side Request Forgery in terriajs-server
Versions of terriajs-server are vulnerable to Server-Side Request Forgery (SSRF). If an attacker has access to a server allow listed by the terriajs-server proxy or if the attacker is able to modify the DNS records of a domain allow listed by the terriajs-server proxy, the attacker can use the terriajs-server proxy to access any HTTP-accessible resources that are accessible to the server, including private resources in the hosting environment. Upgrade …