GHSA-P9CG-VQCC-GRCX Server Side Request Forgery (SSRF) attack in Fedify
Summary At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the @id or other resources present within the activity it has received from the web. This activity could reference an @id that points to an internal IP address,...