
Wangyikewxgm

#49772 of 53,638
4.9 Total CVSS
Vulnerabilities · 1
PT-2022-24943
4.9
2022-11-16
Kubevela · Kubevela · CVE-2022-39383
**Name of the Vulnerable Software and Affected Versions**

KubeVela versions 1.5 through 1.5.7

KubeVela versions 1.6 through 1.6.0

**Description**

KubeVela is an open source application delivery platform. Users of the VelaUX APIServer could be affected by this issue. When Helm Chart is used as the component delivery method, the request address of the warehouse (the Helm chart repository) is not restricted, which results in a blind SSRF vulnerability.

**Recommendations**

For versions 1.5 through 1.5.7, update to version 1.5.8 or later.

For versions 1.6 through 1.6.0, update to version 1.6.1 or later.

As a temporary workaround, consider restricting the request address of the warehouse when using Helm Chart as the component delivery method until a patch is available.