HackerOne: Server Side Request Forgery (SSRF) in webhook functionality
Server Side Request Forgery SSRF vulnerability found in webhook functionality. Attacker able to bypass anti-SSRF protections by using IPv6 address mapped to IPv4. This allowed unauthorized access to internal AWS EC2 metadata instance...