github.com/goharbor/harbor is vulnerable to server-side request forgery (SSRF). The vulnerability exists due to a legacy endpoint to test webhook, allowing an attacker with permissions to edit projects to perform a port scan of hosts within the internal network.