GHSA-3JVJ-V6W2-H948 Lemmy has SSRF in /api/v3/post via Webmention dispatch
Summary Lemmy allows an authenticated low-privileged user to create a link post through POST /api/v3/post. When a post is created in a public community, the backend asynchronously sends a Webmention to the attacker-controlled link target. The submitted URL is checked for syntax and scheme, but th...