2 matches found
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via httprequester.go and httpdownloader.go. An attacker can access internal network resources and exfiltrate sensitive data by crafting malicious promotion templates or Promotion resources that trigger...
Command Injection
Overview idno/known is an A social publishing platform Affected versions of this package are vulnerable to Command Injection through the importImagesFromBodyHTML process and unsanitized template parameter handling. An attacker can execute arbitrary operating system commands as the web server user...