2 matches found
CVE-2021-22969
Concrete CMS (formerly concrete5) versions below 8.5.7 have an SSRF mitigation bypass using a DNS rebinding attack, giving an attacker the ability to fetch cloud IaaS (e.g. AWS) IAM keys. To fix this, Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...
arkadiyt-projects: DNS Rebinding Attack
Hi, there is a DNS rebinding vulnerability in your SSRF filter. F4891755 You validate the hostname's IP address, but then pass the hostname to Net::HTTP.start, which does its own DNS lookup. An attacker can control a DNS server that returns a safe public IP during validation, then returns 127.0.0...