Koadt

**Name of the Vulnerable Software and Affected Versions** Kan versions 0.5.4 and below **Description** Kan is an open-source project management tool. Versions 0.5.4 and below lack authentication and URL validation in the `/api/download/attatchment` endpoint. This endpoint accepts a user-supplied URL query parameter, passes it directly to the `fetch()` function server-side, and returns the full response body. An unauthenticated attacker can leverage this to make HTTP requests from the server to internal services, cloud metadata endpoints, or private network resources. This is a Server-Side Request Forgery (SSRF) issue. **Recommendations** Versions prior to 0.5.5 should be updated to version 0.5.5 or later. Block or restrict access to the `/api/download/attatchment` endpoint at the reverse proxy level (nginx, Cloudflare, etc.).