GHSA-Q59X-JC9F-GFQF Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints
Summary signalk-server versions up to and including 2.27.0 contain a Server-Side Request Forgery SSRF vulnerability in three administrative endpoints used for remote Signal K server connection management. The makeRemoteRequest function accepts attacker-controlled host, port, useTLS, and...