Jafarakhondali

**Name of the Vulnerable Software and Affected Versions** CodeWhale versions prior to 0.8.26 **Description** Server-Side Request Forgery (SSRF) occurs when the application fails to properly validate IPv6 addresses provided directly in a URL, such as `http://[::1]`. While the system validates hostnames that resolve to private IPv6 addresses, direct IPv6 input bypasses these defenses, potentially allowing access to local restricted resources. **Recommendations** Update to version 0.8.26.

**Name of the Vulnerable Software and Affected Versions** webui-aria2 version 4fe2e **Description** The issue is related to a path traversal vulnerability in the WebUI-Aria2 interface. This vulnerability is due to incorrect restriction of the directory path name with limited access. Exploitation of this issue may allow a remote attacker to disclose protected information. **Recommendations** For version 4fe2e, consider restricting access to sensitive directories to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.