Imlk0O

**Name of the Vulnerable Software and Affected Versions** tindy2013 subconverter version 0.6.4 **Description** The issue concerns a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it. However, it does not account for the possibility that the external request target may indirectly redirect back to this original /sub endpoint, potentially leading to a request loop and a denial of service. **Recommendations** For version 0.6.4, consider disabling the /sub API endpoint until a patch is available to prevent potential denial of service attacks. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `url` parameter in the affected API endpoint until the issue is resolved.