Automattic: SSRF and local file disclosure in https://wordpress.com/media/videos/ via FFmpeg HLS processing

Summary FFmpeg is a video encoding software that appears to be used by wordpress.com for video processing for paid accounts. FFmpeg is known to process HLS playlists that may contain references to external files. I was able to fire this feature using GAB2 subtitle chunks inside an AVI file. After...