PT-2024-40489 · Inventree · Inventree

Published: 2024-10-02 · Updated: 2024-10-02

CVSS v4.0: 5.3 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: InvenTree versions prior to 0.16.5; InvenTree versions prior to 0.17.0

Description: The issue allows a malicious actor to potentially extract information about server-side resources by abusing the "download image from remote URL" feature. Submitting a crafted URL can raise a server-side error, which may contain sensitive information about the server-side request, including the availability of the remote resource.

Recommendations: For versions prior to 0.16.5, update to version 0.16.5 to resolve the issue. For versions prior to 0.17.0, update to version 0.17.0 to resolve the issue. As a temporary workaround, consider disabling the "download image from remote URL" feature in InvenTree to prevent users from accessing this information.
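The two defensive controls implied by the description and the recommendations are (1) refusing to fetch user-supplied URLs that point at non-public addresses and (2) never echoing the underlying request error back to the user, so that success or failure of the server-side request does not reveal whether an internal resource exists. The following is an added illustration of that pattern written for this page; it is not InvenTree's code, the advisory does not describe how the project fixed the issue, and the function names, the injectable `fetcher`/`log` callables and the sample URLs are all assumptions.

```python
import ipaddress
import socket
from typing import Callable, Optional, Tuple
from urllib.parse import urlparse

# Hypothetical names for this illustration (not InvenTree's own code).
ALLOWED_SCHEMES = {"http", "https"}
# One fixed message for every failure: the user learns nothing about the target.
GENERIC_ERROR = "Unable to download image from the supplied URL."


def _address_is_public(addr: str) -> bool:
    """True only for globally routable unicast addresses.

    ip.is_global is False for loopback, RFC 1918, link-local, CGNAT and
    other reserved ranges, which is exactly the set an SSRF filter must block.
    """
    ip = ipaddress.ip_address(addr)
    return ip.is_global and not ip.is_multicast


def check_remote_image_url(url: str,
                           resolver: Callable = socket.getaddrinfo) -> Tuple[bool, str]:
    """Validate a user-supplied URL before the server fetches it.

    Returns (accepted, reason). 'reason' is for server-side logging only and
    must never be returned to the requesting user.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parsed.scheme
    host = parsed.hostname  # brackets are stripped from IPv6 literals
    if not host:
        return False, "missing host"
    if parsed.username or parsed.password:
        return False, "credentials embedded in URL"
    try:
        # Literal IP address: check it directly, no DNS lookup needed.
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            infos = resolver(host, parsed.port or 80, proto=socket.IPPROTO_TCP)
        except socket.gaierror as exc:
            return False, "resolution failed: %s" % exc
        addrs = [info[4][0] for info in infos]
    # Every resolved address must be public; a single internal record rejects the URL.
    for addr in addrs:
        if not _address_is_public(addr):
            return False, "non-public address: %s" % addr
    return True, "ok"


def download_remote_image(url: str,
                          fetcher: Callable[[str], bytes],
                          log: Callable[[str], None]) -> Tuple[Optional[bytes], str]:
    """Fetch an image through an injectable fetcher.

    On validation failure or any fetch error the detail goes to the server-side
    log and the caller receives only GENERIC_ERROR, so error text from the
    outbound request (connection refused, timeout, DNS failure) is never exposed.
    """
    accepted, reason = check_remote_image_url(url)
    if not accepted:
        log("rejected %r: %s" % (url, reason))
        return None, GENERIC_ERROR
    try:
        return fetcher(url), ""
    except Exception as exc:  # deliberately broad: no exception text may reach the user
        log("fetch of %r failed: %s: %s" % (url, type(exc).__name__, exc))
        return None, GENERIC_ERROR
```

Two caveats for anyone adopting this shape: resolving the hostname in the validator and then letting an HTTP client resolve it again at connection time leaves a window for DNS rebinding, so a production fetcher should connect to the address the validator approved (or validate inside the connection hook) rather than re-resolving; and redirects must be validated hop by hop, since a public URL can redirect to an internal one.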

Fix

SSRF

Weakness Enumeration

Related Identifiers

GHSA-VX3H-QWQW-R2WQ

Affected Products

Inventree