Unknown · Flyteconsole · CVE-2022-24856
**Name of the Vulnerable Software and Affected Versions**
FlyteConsole versions prior to 0.52.0
**Description**
The issue is a server-side request forgery (SSRF) that is exploitable when FlyteConsole is exposed to the general internet. An attacker can use it to reach internal metadata servers or other unauthenticated URLs, which can potentially result in headers being passed to unauthorized actors.
**Recommendations**
For FlyteConsole versions prior to 0.52.0, update to version 0.52.0, which includes a patch that removes the `cors proxy` entirely, as the console no longer requires it.
As a temporary workaround, consider making FlyteConsole unavailable from the internet to minimize the risk of exploitation.