Appsmith · Appsmith · CVE-2024-51408
**Name of the Vulnerable Software and Affected Versions**
AppSmith Community versions 1.8.3 through 1.46
**Description**
The New DataSource feature issues application/json requests from the Appsmith server without restricting the destination, which allows Server-Side Request Forgery (SSRF): a request can be directed at the IP address 169.254.169.254, the AWS instance metadata endpoint from which the host's AWS credentials are retrieved. An attacker can exploit this to obtain the server's AWS credentials by manipulating the internal server requests the feature makes.
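The defence for this class of bug is to validate the destination of every server-side request before it is sent. The following is an added example written for this page, not Appsmith's own code: a destination check that a datasource service could run on a user-supplied URL. It rejects non-HTTP schemes, literal or resolved addresses that are not publicly routable (loopback, RFC 1918, link-local, IPv4-mapped IPv6 forms) and, explicitly, the metadata address 169.254.169.254 named above. The hostnames `api.example.test` and `rebind.example.test` and the addresses they map to are constructed for offline demonstration; the default resolver uses the real system resolver.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Added example (not Appsmith's code): outbound-destination check that an SSRF-prone
# feature should run before issuing a server-side request on the user's behalf.

METADATA_IP = ipaddress.ip_address("169.254.169.254")  # cloud metadata endpoint from the advisory
ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS answers for offline use (hypothetical names, constructed mappings).
# 93.184.216.34 stands in for an ordinary public address; the second name maps to
# one public and one metadata address, as a DNS-rebinding-style answer would.
CONSTRUCTED_DNS = {
    "api.example.test": ["93.184.216.34"],
    "rebind.example.test": ["93.184.216.34", "169.254.169.254"],
}


def system_resolver(host):
    """Default resolver: every address (A and AAAA) the host currently maps to."""
    infos = socket.getaddrinfo(host, None)
    return [ipaddress.ip_address(info[4][0]) for info in infos]


def constructed_resolver(host):
    """Offline stand-in for system_resolver using the constructed table above."""
    if host not in CONSTRUCTED_DNS:
        raise OSError(f"constructed resolver: no such name {host!r}")
    return [ipaddress.ip_address(a) for a in CONSTRUCTED_DNS[host]]


def is_public_address(addr):
    """True only for globally routable addresses; metadata and mapped forms handled explicitly."""
    if addr == METADATA_IP:
        return False
    # ::ffff:169.254.169.254 must be judged by its embedded IPv4 address.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return is_public_address(addr.ipv4_mapped)
    # is_global is False for loopback, link-local, RFC 1918/ULA, multicast,
    # reserved and unspecified addresses.
    return addr.is_global


def check_outbound_url(url, resolver=system_resolver):
    """Return (allowed, reason) for a user-supplied datasource URL.

    Every address the host maps to must be public: a name that maps to one
    public and one internal address is rejected outright, so the decision does
    not depend on which answer the HTTP client happens to pick.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname  # userinfo and port stripped, IPv6 brackets removed
    if not host:
        return False, "missing host"
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP: no resolution needed
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            return False, f"resolution failed for {host!r}: {exc}"
        if not addrs:
            return False, f"no addresses for {host!r}"
    for addr in addrs:
        if addr == METADATA_IP or (
            isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped == METADATA_IP
        ):
            return False, f"{host!r} targets the cloud metadata endpoint"
        if not is_public_address(addr):
            return False, f"{host!r} resolves to non-public address {addr}"
    return True, "ok"


if __name__ == "__main__":
    samples = [
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:169.254.169.254]/latest/meta-data/",
        "http://10.0.0.5:8080/internal",
        "file:///etc/passwd",
        "https://api.example.test/v1",
        "https://rebind.example.test/v1",
    ]
    for sample in samples:
        allowed, reason = check_outbound_url(sample, resolver=constructed_resolver)
        print(f"{'ALLOW' if allowed else 'DENY '} {sample} ({reason})")
```

The check resolves the name itself rather than trusting the URL string, because an allow-list of hostnames is bypassed by a name whose DNS answer points inside the network. A complete mitigation also pins the HTTP client to the addresses that were validated (or re-runs the check on every redirect), since a redirect from a public host to 169.254.169.254 would otherwise be followed after validation.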
**Recommendations**
For versions 1.8.3 through 1.45, update to version 1.46 to resolve the issue.
As a temporary workaround, restrict access to the New DataSource feature until the update is applied, and make sure the feature is not used for application/json requests to the IP address 169.254.169.254 until the issue is resolved.