github.com/kubevela/kubevela is vulnerable to server-side request forgery. The vulnerability is due to common.go
because the request address in the warehouse is not properly restricted which allows an attacker to cause a SSRF bypass via a crafted url.