2 matches found
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in Glide when operating in insecure mode. An unauthenticated attacker can access internal services and cloud metadata endpoints by supplying arbitrary URLs to the image proxy or watermark feature. This i...
Statamic Vulnerable to Server-Side Request Forgery via Glide
Impact When Glide image manipulation is used in insecure mode which is not the default, the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary URLs—either via the URL directly or via the watermark feature. That can allow access to internal...