Shadia0O

**Name of the Vulnerable Software and Affected Versions** xtreme1 versions prior to 0.9.2 **Description** The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. It is triggered through the `fileUrl` parameter in the "/api/data/upload" API endpoint, allowing an attacker to make arbitrary requests to internal or external systems. **Recommendations** For versions prior to 0.9.2, as a temporary workaround, consider restricting access to the "/api/data/upload" API endpoint until a patch is available. Avoid using the `fileUrl` parameter in the affected API endpoint until the issue is resolved.