Basecamp: Link unfurling calls out to arbitrary URLs and the private-network guard misses link-local addresses
A vulnerability was discovered in the application that allowed authenticated users to supply a URL that the server would fetch for OpenGraph data. The "private network" guard only blocked certain IP ranges, but ignored link-local addresses, enabling server-side requests to be made to those hosts...