hemmelig allows SSRF Filter bypass via Secret Request functionality
Summary A Server-Side Request Forgery SSRF filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private IP addresses but can be bypassed using DNS rebinding e.g., localtest.me which resolves to 127.0.0.1 or ope...