PT-2019-20061 · Terria · Terriajs-Server
Published: 2019-05-29 · Updated: 2019-05-29
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
terriajs-server versions prior to 2.7.4
Description
The issue allows for Server-Side Request Forgery (SSRF) under specific conditions. If an attacker has access to a server whitelisted by the terriajs-server proxy, or if they can modify the DNS records of a whitelisted domain, they can exploit the terriajs-server proxy to access any HTTP-accessible resources available to the server. This includes private resources within the hosting environment.
Recommendations
Upgrade to version 2.7.4 or later.
SSRF
Affected Products
Terriajs-Server