CVE-2021-39195

Name of the Vulnerable Software and Affected Versions Misskey versions prior to 12.90.0

Description A Server-Side Request Forgery issue exists in the "Upload from URL" and remote attachment handling features of Misskey, potentially leading to the disclosure of non-public information within the internal network. This issue can be mitigated by restricting access to private networks from the host where the application is running.

Recommendations For versions prior to 12.90.0, update to version 12.90.0 to resolve the issue. If a proxy is in use, additional measures will be necessary. As a temporary workaround, consider restricting access to private networks from the host where the application is running to minimize the risk of exploitation.