Appsmith below v1.8.1 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via DNS Rebinding technique to hit AWS internal metadata endpoint and for retrieving data.
https://drive.google.com/file/d/1rXnHmhCpo59NjMZJGqKUuOZaQzkXjw6p/view?usp=sharing