IA Squad
js · @budibase/server · Critical

@budibase/server: OAuth2 token fetch and REST integration lack SSRF protection

OAuth2 token fetch in packages/server/src/sdk/workspace/oauth2/utils.

13 Jun 2026 · Read 1 min · Severity: act now

What changed

The OAuth2 token fetch in packages/server/src/sdk/workspace/oauth2/utils.ts uses a raw fetch() call with no SSRF protection, so the token endpoint URL is never checked against the blacklist of internal addresses. The REST integration in packages/server/src/integrations/rest.ts checks only the initial URL and does not re-check redirect targets against the blacklist, so a redirect can land on an address the first check would have rejected.

Who it affects

All Budibase deployments where users hold the BUILDER role; cloud deployments are additionally at risk of cloud-metadata exfiltration.

What to do today

Replace the raw fetch() call with fetchWithBlacklist() in both the OAuth2 token fetch and the REST integration, and ensure that every redirect target is re-checked against the blacklist before it is followed.
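The following is an added example, not Budibase's own code, showing what a blacklist-aware fetch wrapper of the kind the advisory calls for looks like. The name fetchWithBlacklist is taken from the advisory; the implementation, the helper names (isBlockedHost, assertAllowedUrl, resolveRedirect) and the blocked ranges are assumptions. It validates the initial URL, then follows redirects manually so that each Location target is validated again, which is the check the REST integration is described as skipping. It only inspects literal IP addresses and a few well-known hostnames; a production version should also resolve DNS names and check the resolved address, since a public hostname can resolve to an internal one.

```typescript
// Added example (not Budibase's code): an SSRF-aware fetch wrapper that
// validates the initial URL and every redirect hop against a blacklist of
// loopback, private, link-local and cloud-metadata addresses.
// fetchWithBlacklist is the name the advisory uses; this body is assumed.

// Minimal local types so the example compiles without DOM or Node typings.
interface MinimalResponse { status: number; headers: { get(name: string): string | null } }
type FetchLike = (url: string, init?: Record<string, unknown>) => Promise<MinimalResponse>;

// Hostnames that a user-controlled request should never reach.
const BLOCKED_HOSTNAMES = new Set(["localhost", "metadata.google.internal"]);

// CIDR blocks: unspecified, RFC 1918, loopback and link-local (which contains
// the 169.254.169.254 cloud metadata endpoint).
const BLOCKED_IPV4: Array<[string, number]> = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

// Parse a dotted-quad IPv4 literal into a 32-bit number, or null if it is not one.
function parseIPv4(host: string): number | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((x) => x > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function inCidr(ip: number, base: string, bits: number): boolean {
  const mask = bits === 0 ? 0 : (~0 << (32 - bits)) >>> 0;
  return ((ip & mask) >>> 0) === ((parseIPv4(base)! & mask) >>> 0);
}

// Decide whether a URL hostname points at a blocked target.
export function isBlockedHost(hostname: string): boolean {
  const host = hostname.toLowerCase().replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  if (BLOCKED_HOSTNAMES.has(host)) return true;
  const v4 = parseIPv4(host);
  if (v4 !== null) return BLOCKED_IPV4.some(([base, bits]) => inCidr(v4, base, bits));
  // IPv4-mapped IPv6 (::ffff:a.b.c.d, serialised by URL as ::ffff:hhhh:hhhh).
  const mapped = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(host);
  if (mapped) {
    const ip = ((parseInt(mapped[1], 16) << 16) | parseInt(mapped[2], 16)) >>> 0;
    return BLOCKED_IPV4.some(([base, bits]) => inCidr(ip, base, bits));
  }
  // IPv6 loopback, unspecified, unique-local (fc00::/7) and link-local (fe80::/10).
  if (host === "::1" || host === "::") return true;
  return /^f[cd][0-9a-f]{2}:/.test(host) || /^fe[89ab][0-9a-f]:/.test(host);
}

// Only http(s) is allowed, and the host must not be on the blacklist.
export function assertAllowedUrl(raw: string): URL {
  const url = new URL(raw);
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error(`blocked scheme: ${url.protocol}`);
  }
  if (isBlockedHost(url.hostname)) {
    throw new Error(`blocked host: ${url.hostname}`);
  }
  return url;
}

// Resolve a Location header against the current URL and re-check the result.
// This is the per-hop check the advisory says the REST integration lacks.
export function resolveRedirect(current: string, location: string): string {
  const next = new URL(location, current).toString();
  return assertAllowedUrl(next).toString();
}

// Fetch with manual redirect handling so every hop is validated, with a hop cap.
export async function fetchWithBlacklist(
  url: string,
  init: Record<string, unknown> = {},
  fetchImpl: FetchLike = (globalThis as any).fetch,
  maxRedirects = 5,
): Promise<MinimalResponse> {
  let current = assertAllowedUrl(url).toString();
  for (let hop = 0; hop <= maxRedirects; hop++) {
    const res = await fetchImpl(current, { ...init, redirect: "manual" });
    const location = res.headers.get("location");
    if (res.status < 300 || res.status >= 400 || !location) return res;
    current = resolveRedirect(current, location); // throws if the hop is blocked
  }
  throw new Error(`too many redirects (> ${maxRedirects})`);
}
```

Passing `redirect: "manual"` is what makes the per-hop check possible: with automatic redirects the HTTP client would follow a 302 to an internal address before application code ever sees the target. The injectable fetchImpl parameter exists so the wrapper can be exercised with a fake fetch in tests, without network access.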
