LY Corporation: Get-based SSRF limited to HTTP protocol on https://resizer.line-apps.com/form

A SSRF in the resizer's /form endpoint allowed for leaking HTTP protocol based information from our internal network. The vulnerability could be used to scan ports and get service banners like SSH versions etc, but it was also possible to leak images available on the internal network. If an...