CVE-2023-49471

Name of the Vulnerable Software and Affected Versions karlomikus Bar Assistant versions prior to 3.2.0

Description The issue is related to a Blind Server-Side Request Forgery (SSRF) vulnerability. It does not validate a parameter before making a request through Image::make(), which could allow authenticated remote attackers to execute arbitrary code.

Recommendations For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Image::make() function until a patch is available.