Server-Side Request Forgery vulnerability
The /auth/uploadByUrl endpoint accepts a user-supplied URL that the server then fetches. Because the destination is attacker-controlled and not validated, this is a Server-Side Request Forgery (SSRF) vulnerability: an attacker can make the server issue requests on their behalf to hosts it can reach but the attacker cannot, such as loopback services, internal network hosts and cloud metadata endpoints, potentially gaining access to internal systems and leaking sensitive information.
Remediation Suggestions: If the upload-by-URL functionality is not essential, remove it. Otherwise, restrict it to http/https and to an allowlist of permitted external hosts, and reject URLs whose host resolves to a loopback, private, link-local or otherwise non-public address (checking the resolved IP, not only the hostname, and pinning that IP for the actual request so a DNS answer cannot change between the check and the fetch). Redirects should be disabled or each redirect target revalidated with the same rules.
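The following validator illustrates the remediation above. It is an added example written for this page, not code from the affected application: the allowlist hostnames, the resolver hook and the function names are assumptions chosen for illustration. It enforces the scheme, rejects embedded credentials, optionally requires the host to be on an allowlist, resolves the host and rejects any non-public address (including IPv4-mapped IPv6 forms such as ::ffff:127.0.0.1), and returns the validated IP so the caller can connect to that address rather than re-resolving the name.

```python
import ipaddress
import socket
from typing import Callable, Iterable, List, Optional, Tuple

ALLOWED_SCHEMES = {"http", "https"}

# Type of a resolver hook: hostname -> list of IP address objects.
# Injected so the check can be unit-tested without network access.
Resolver = Callable[[str], List[ipaddress._BaseAddress]]


def default_resolver(host: str) -> List[ipaddress._BaseAddress]:
    """Resolve with the system resolver; strips IPv6 scope ids (fe80::1%eth0)."""
    addrs = []
    for info in socket.getaddrinfo(host, None):
        addrs.append(ipaddress.ip_address(info[4][0].split("%")[0]))
    return addrs


def is_public_ip(ip: ipaddress._BaseAddress) -> bool:
    """True only for globally routable unicast addresses.

    IPv4-mapped IPv6 addresses are unwrapped first so ::ffff:10.0.0.1 is
    judged as 10.0.0.1. Loopback, RFC 1918 / ULA, link-local (which
    includes the 169.254.169.254 cloud metadata address), multicast,
    reserved and unspecified addresses are all rejected.
    """
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not (
        ip.is_private or ip.is_loopback or ip.is_link_local
        or ip.is_multicast or ip.is_reserved or ip.is_unspecified
    )


def validate_upload_url(
    url: str,
    resolver: Resolver = default_resolver,
    allowed_hosts: Optional[Iterable[str]] = None,
) -> Tuple[bool, str, Optional[str]]:
    """Return (ok, reason, pinned_ip).

    On success pinned_ip is the address the fetcher should connect to
    (sending the original hostname in the Host header / SNI), so that a
    DNS answer cannot change between this check and the request.
    """
    from urllib.parse import urlsplit

    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", None
    if parts.username is not None or parts.password is not None:
        # Blocks tricks like http://trusted.example.com@127.0.0.1/
        return False, "credentials in URL", None
    host = parts.hostname
    if not host:
        return False, "missing host", None
    host = host.lower().rstrip(".")

    if allowed_hosts is not None:
        allowed = {h.lower().rstrip(".") for h in allowed_hosts}
        if host not in allowed:
            return False, "host not in allowlist", None

    # Literal IP (urlsplit already strips the [] around IPv6 literals),
    # otherwise resolve the name.
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            return False, f"resolution failed: {exc}", None
    if not addrs:
        return False, "host resolved to no addresses", None

    # Every address must be public: a name with one internal A record
    # is enough for the fetcher to end up inside the network.
    for ip in addrs:
        if not is_public_ip(ip):
            return False, f"resolves to non-public address {ip}", None

    return True, "ok", str(addrs[0])
```

Note that the check is only half of the defence: the fetch must then connect to the returned pinned IP, follow no redirects automatically (or pass every Location through validate_upload_url again), and bound the response size and time, otherwise the validated hostname can still be redirected or rebound to an internal target.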