GHSA-M5R2-8P9X-HP5M Craft CMS Vulnerable to SSRF in GraphQL Asset Mutation via Alternative IP Notation
I observed a recent commit intended to mitigate Server-Side Request Forgery SSRF vulnerabilities. While the implemented defense mechanisms are an improvement, I have identified two methods to bypass these protections. This report details the first bypass method involving alternative IP notation,...