Statamic · Cms · CVE-2026-45660
**Name of the Vulnerable Software and Affected Versions**
Statamic versions prior to 5.73.22
Statamic versions prior to 6.18.1
**Description**
The Glide image proxy contains a flaw where URL validation can be bypassed using an IP representation that is not normalized before the public-IP check. This allows an unauthenticated user to force the server to make HTTP requests to internal addresses, such as loopback, private networks, and cloud metadata endpoints. This issue specifically affects sites that pass user-supplied URLs to Glide and does not impact sites running PHP 8.3 or newer.
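The fix pattern implied above is to reduce the host to a canonical address first and only then test it against internal ranges. The following PHP sketch is an added example, not Statamic's or Glide's code: the function names, the range list and the sample hosts are assumptions, and the advisory does not say which IP representation the bypass used. It goes beyond a single case by handling strict literals, IPv4-mapped IPv6 and resolved hostnames (requires PHP 8.0+ for `str_starts_with`).

```php
<?php
declare(strict_types=1);
// Added example; function names are hypothetical, not Statamic's or Glide's code.
const BLOCKED_CIDRS = [ // loopback, private, link-local (metadata) etc.; not exhaustive
    '0.0.0.0/8', '10.0.0.0/8', '100.64.0.0/10', '127.0.0.0/8', '169.254.0.0/16',
    '172.16.0.0/12', '192.168.0.0/16', '::/128', '::1/128', 'fc00::/7', 'fe80::/10',
];

/** True if the packed (binary) address lies inside $cidr. */
function inCidr(string $packed, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $net = inet_pton($net);
    $full = intdiv((int) $bits, 8);
    $mask = (0xff00 >> ((int) $bits % 8)) & 0xff; // mask for a partial trailing byte
    return strlen($net) === strlen($packed)       // same address family
        && substr($packed, 0, $full) === substr($net, 0, $full)
        && ($mask === 0 || (ord($packed[$full]) & $mask) === (ord($net[$full]) & $mask));
}

/** Strict IP literal to binary, unwrapping IPv4-mapped IPv6; null for anything else. */
function canonicalPacked(string $ip): ?string
{
    $packed = filter_var($ip, FILTER_VALIDATE_IP) === false ? null : inet_pton($ip);
    $isMapped = $packed !== null && str_starts_with($packed, str_repeat("\0", 10) . "\xff\xff");
    return $isMapped ? substr($packed, 12) : $packed;
}

/** Allow a URL only if every address its host is (literal) or resolves to is outside BLOCKED_CIDRS. */
function isFetchAllowed(string $url, ?callable $resolve = null): bool
{
    $host = trim((string) parse_url($url, PHP_URL_HOST), '[]'); // IPv6 hosts are bracketed
    if ($host === '') {
        return false;
    }
    $addrs = canonicalPacked($host) !== null ? [$host] : (($resolve ?? 'gethostbynamel')($host) ?: []);
    foreach ($addrs as $addr) {
        $packed = canonicalPacked($addr);
        if ($packed === null || array_filter(BLOCKED_CIDRS, fn ($c) => inCidr($packed, $c))) {
            return false; // fail closed
        }
    }
    return $addrs !== [];
}

// Constructed inputs; the stub stands in for DNS so the demo runs offline.
$stub = fn (string $h): array => ['cdn.example' => ['203.0.113.10'], 'wiki.example' => ['10.0.0.5']][$h] ?? [];
foreach (['https://cdn.example/a.png', 'http://wiki.example/', 'http://[::ffff:127.0.0.1]/', 'http://169.254.169.254/'] as $u) {
    echo $u, ' => ', isFetchAllowed($u, $stub) ? 'allow' : 'block', PHP_EOL;
}
```

The default resolver `gethostbynamel` returns IPv4 addresses only, so an IPv6-capable client needs AAAA records checked as well. The fetch itself should connect to the address that was validated rather than resolving the name a second time.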
**Recommendations**
Update to version 5.73.22.
Update to version 6.18.1.