
Peter Hassall

#30206 of 53,638
8.7 total CVSS
Vulnerabilities · 1
PT-2026-22060
8.7
2026-02-26
Unknown · Terriajs-Server · CVE-2026-27818
**Name of the Vulnerable Software and Affected Versions**

TerriaJS-Server versions prior to 4.0.3

**Description**

A validation flaw permits an attacker to proxy domains not explicitly listed in the `proxyableDomains` configuration. The validation process only verifies if a hostname ends with an allowed domain, which allows malicious domains to be proxied through the server. For example, if `example.com` is in `proxyableDomains`, `maliciousexample.com` could also be proxied. This bypasses proxy restrictions.

**Recommendations**

Upgrade to version 4.0.3 to resolve the issue.
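
The suffix-only comparison described above, next to a check that matches on a DNS label boundary, as an added example (it is not TerriaJS-Server's code or its 4.0.3 fix). The function names are hypothetical, the allowlist and URLs are constructed, and it assumes subdomains of a listed domain are meant to be proxyable.

```javascript
// Added example with hypothetical helper names; not TerriaJS-Server code.
const proxyableDomains = ["example.com"]; // constructed allowlist from the advisory's example

// Flawed check as described: plain string-suffix comparison on the hostname.
function isAllowedSuffixOnly(hostname, allowed) {
  const host = hostname.toLowerCase();
  return allowed.some((d) => host.endsWith(d.toLowerCase()));
}

// Hardened check: exact match, or a subdomain match anchored on a "." boundary.
// Assumption: subdomains of a listed domain are intended to be allowed.
function isAllowedLabelBoundary(hostname, allowed) {
  const host = hostname.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  return allowed.some((d) => {
    const domain = d.toLowerCase();
    return host === domain || host.endsWith("." + domain);
  });
}

// Parse with the WHATWG URL parser so the check sees a normalized hostname.
function hostnameOf(target) {
  try {
    return new URL(target).hostname;
  } catch {
    return null; // unparseable targets are rejected
  }
}

function checkTarget(target, check) {
  const host = hostnameOf(target);
  return host !== null && check(host, proxyableDomains);
}

// Constructed sample targets: run both checks and return the verdicts side by side.
function compareChecks() {
  const targets = [
    "https://example.com/data.json",
    "https://maps.example.com/tiles",
    "https://maliciousexample.com/",
    "https://example.com.other.test/",
  ];
  return targets.map((t) => ({
    target: t,
    suffixOnly: checkTarget(t, isAllowedSuffixOnly),
    labelBoundary: checkTarget(t, isAllowedLabelBoundary),
  }));
}
```

Only the third target differs between the two checks: the suffix-only comparison accepts `maliciousexample.com`, the label-boundary comparison rejects it.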