You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is possible to request local hostnames, which is for sure unintended for an application designated to users. If not sandboxed, an attacker can get information about the architecture or, in a miraculous scenario, perform malicious requests (https://bank.com/transfer).
It is possible to request local hostnames, which is for sure unintended for an application designated to users. If not sandboxed, an attacker can get information about the architecture or, in a miraculous scenario, perform malicious requests (
https://bank.com/transfer).https://github.com/thumbor/thumborizeme/blob/6dd7fde02ca7f6a3ac4ee2952bd2f2b2a6e9a1c3/thumborizeme/handlers/report.py#L87C1-L100C50
As for reference in the live demo, check it here.
The text was updated successfully, but these errors were encountered: