The webhooks accept an arbitrary URL as input, and the results of the request can be retrieved back through the /api/forms/{form}/submissions endpoint.
This is a full SSRF vulnerability.
As an example, set up a server on localhost listening on port 8000, then use http://localhost:8000/ as the webhook URL: a request is sent to localhost:8000 and the response is exposed.
This could lead to disclosure of secret information or bypass of firewalls.
You can learn more about SSRF at https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/
For a fix, see https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html and https://symfony.com/doc/current/http_client.html#ssrf-server-side-request-forgery-handling
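The destination check that the cheat sheets above describe, as an added example (not the project's own code): a hypothetical validate_webhook_url() helper that allows only http(s), refuses credentials in the URL, and rejects any host whose IP literal or resolved addresses are loopback, private, link-local, multicast or otherwise non-public. The resolver is injectable so the constructed DNS table below runs offline.

```python
"""Webhook destination validation against SSRF (added example, hypothetical)."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS answers for the offline demo; not real records.
CONSTRUCTED_DNS = {
    "localhost": ["127.0.0.1"],
    "hook.example": ["93.184.216.34"],
    "rebind.example": ["93.184.216.34", "10.0.0.5"],  # one public, one private
}


def table_resolver(host):
    """Resolver backed by the constructed table above."""
    return [ipaddress.ip_address(a) for a in CONSTRUCTED_DNS[host]]


def system_resolver(host):
    """Resolve host to every A/AAAA answer via the system resolver."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [ipaddress.ip_address(info[4][0]) for info in infos]


def is_public(ip):
    """True only for globally routable unicast addresses."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:127.0.0.1 as 127.0.0.1
    # is_global already excludes loopback, private, link-local, reserved
    # and unspecified; multicast is excluded explicitly for older Pythons.
    return ip.is_global and not ip.is_multicast


def validate_webhook_url(url, resolve=system_resolver):
    """Return (ok, reason); run this when a webhook is saved and again
    right before each delivery, since DNS answers can change in between."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL"
    try:
        addrs = [ipaddress.ip_address(parts.hostname)]  # IP literal, no DNS
    except ValueError:
        try:
            addrs = resolve(parts.hostname)
        except (OSError, KeyError) as exc:
            return False, f"resolution failed: {exc!r}"
    for ip in addrs:  # every answer must be public, not just the first
        if not is_public(ip):
            return False, f"non-public destination: {ip}"
    return True, "ok"
```

Validating the stored URL is not enough on its own: the same check has to hold at connect time (Symfony's HttpClient provides NoPrivateNetworkHttpClient for that, per the linked docs), and the submissions endpoint should store only delivery status rather than the webhook response body.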