Postiz: SSRF in upload-from-url endpoint allows fetching internal resources and cloud metadata

Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST /public/v1/upload-from-url endpoint accepts a user-supplied URL and fetches it server-side using axios.get() with no SSRF protections. The only validation is a file extension check (.png, .jpg, etc.) which is trivially bypassed by appending an image extension to any URL path. An authenticated API user can fetch internal network resources, cloud instance metadata, and other internal services, with the response data uploaded to storage and returned to the attacker. This issue has been patched in version 2.21.3.

N/A

服务端请求伪造(SSRF)

Gitroom Postiz 代码问题漏洞

Gitroom Postiz是Gitroom开源的一个社交媒体日程安排工具。 Gitroom Postiz 2.21.3之前版本存在代码问题漏洞，该漏洞源于POST /public/v1/upload-from-url端点缺少服务端请求伪造保护，可能导致经过身份验证的API用户获取内部网络资源。

N/A

N/A