CVE-2023-27160

Name of the Vulnerable Software and Affected Versions forem versions up to v2022.11.11

Description The issue is related to a Server-Side Request Forgery (SSRF) via the component "/articles/{id}". This allows attackers to access network resources and sensitive information via a crafted POST request.

Recommendations For versions up to v2022.11.11, consider restricting access to the "/articles/{id}" component until a patch is available. As a temporary workaround, avoid using the id variable in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.