PT-2023-6603 · Appwrite · Appwrite

Beet1E · Published 2023-02-27 · Updated 2024-01-30 · CVE-2023-27159

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Appwrite versions up to v1.2.1

Description: The issue is caused by insufficient validation of incoming requests in the /v1/avatars/favicon component of Appwrite, a backend platform for developing mobile and web applications. A remote attacker can send a specially crafted GET request to this component to perform a Server-Side Request Forgery (SSRF) attack, potentially reaching internal network resources and sensitive information.

Recommendations: For Appwrite versions up to v1.2.1, as a temporary workaround, restrict access to the /v1/avatars/favicon component until a patch is available, and avoid using this component to minimize the risk of exploitation. At the time of writing, there is no information about a newer version that contains a fix for this vulnerability.
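The defect class described above is an endpoint that fetches a caller-supplied URL (here, to retrieve a site's favicon) without checking where that URL actually points. The following is an added illustration of the check such a fetcher needs before making the outbound request; it is not Appwrite's code and does not reflect how Appwrite implements the favicon endpoint. The `resolver` parameter and the `FAKE_DNS` table are constructed so the check runs offline; everything else uses the Python standard library.

```python
"""Destination check for a server-side URL fetcher (e.g. a favicon fetcher).

Added illustration for this advisory, not Appwrite's code. The resolver hook and
FAKE_DNS table are constructed so the check can be exercised without network access.
"""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def resolve_all(hostname):
    """Default resolver: every address the host name maps to (IPv4 and IPv6)."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def is_public_address(addr):
    """True only for globally routable addresses; rejects loopback, RFC 1918,
    link-local, multicast, reserved and unspecified ranges."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is judged by the embedded IPv4 address
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_fetch_target(url, resolver=resolve_all):
    """Return (ok, reason). ok is True only when the scheme is http(s), the URL
    carries no credentials, and *every* address the host resolves to is public."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parsed.scheme!r}"
    host = parsed.hostname
    if not host:
        return False, "missing host"
    if parsed.username or parsed.password:
        return False, "credentials in URL not allowed"
    # A literal IP is checked directly; a host name is resolved and all of its
    # records must pass, so a name with one public and one internal record is refused.
    try:
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        addrs = resolver(host)
    if not addrs:
        return False, f"could not resolve {host!r}"
    for addr in addrs:
        if not is_public_address(addr):
            return False, f"{host!r} resolves to non-public address {addr}"
    return True, "ok"


# Constructed name-to-address table standing in for DNS during local runs and tests.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "internal.test": ["10.0.0.5"],
    "dual.test": ["93.184.216.34", "10.0.0.5"],
}


def fake_resolver(hostname):
    """Offline resolver backed by FAKE_DNS (constructed sample data)."""
    return FAKE_DNS.get(hostname, [])


if __name__ == "__main__":
    for candidate in ("http://example.com/favicon.ico", "http://internal.test/",
                      "http://dual.test/", "http://127.0.0.1/", "file:///etc/hosts"):
        print(candidate, "->", check_fetch_target(candidate, fake_resolver))
```

Two caveats for anyone adapting this: the address that passed the check must be the one the client actually connects to (pin the resolved IP on the socket, otherwise a second lookup at connect time can return a different answer), and every redirect hop must be run through the same check rather than followed automatically.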

Exploit

SSRF

Weakness Enumeration

Related Identifiers

BDU:2023-07370
CVE-2023-27159
GHSA-HXGX-584X-VWM8

Affected Products

Appwrite