GHSA-QWXP-6QF9-WR4M PinchTab has a Blind SSRF via browser-side redirect bypass in /download URL validation

The /download endpoint validates only the initial URL provided by the user using validateDownloadURL to prevent requests to internal or private network addresses. Exploitation requires \security.allowDownload=true, which is disabled by default. However, pages loaded by the embedded Chromium brows...