Gabek

#16327 of 53,622
16.5 Total CVSS
Vulnerabilities · 2
High: 2
PT-2023-23502
8.3
2023-06-10
Owncast · Owncast · CVE-2023-3188
**Name of the Vulnerable Software and Affected Versions**
owncast/owncast versions prior to 0.1.0

**Description**
The issue is a Server-Side Request Forgery (SSRF) in the owncast/owncast GitHub repository. It allows an attacker to make the server issue requests to internal services that are not intended to be reachable from outside.

**Recommendations**
For versions prior to 0.1.0, update to version 0.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to internal services to minimize the risk of exploitation.
PT-2021-22441
8.2
2021-12-14
Owncast · Owncast · CVE-2021-39183
**Name of the Vulnerable Software and Affected Versions**
Owncast versions prior to 0.0.9

**Description**
The issue concerns the execution of inline scripts when JavaScript is parsed via a paste action in the chat server, which can lead to the execution of malicious scripts. The problem is resolved by disallowing `unsafe-inline` in the Content Security Policy and specifying an explicit `script-src`. Additionally, `worker-src` must be set to `blob` so that the video player keeps working.

**Recommendations**
For versions prior to 0.0.9, update to version 0.0.9, which patches the issue by disallowing `unsafe-inline` in the Content Security Policy and specifying `script-src`. Ensure `worker-src` is set to `blob` for the video player.