github.com/stripe/smokescreen is vulnerable to server-side request forgery (SSRF). The vulnerability exists in the BuildProxy and handleConnect functions in smokescreen.go. It arises in the deny list option that smokescreen offers and allows an attacker to bypass the deny list feature.