CVE-2025-52477

Name of the Vulnerable Software and Affected Versions: Octo-STS versions prior to v0.5.3

Description: Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. The issue allows for unauthenticated Server-Side Request Forgery (SSRF) by abusing fields in OpenID Connect tokens. Malicious tokens can trigger internal network requests, which could reflect error logs containing sensitive information.

Recommendations: Upgrade to v0.5.3 to resolve this issue, as this version includes patch sets to sanitize input and redact logging.