signalk-server SSRF vulnerability in makeRemoteRequest() up to 2.27.0
What changed
A Server-Side Request Forgery (SSRF) vulnerability was discovered in signalk-server versions up to and including 2.27.0. The `makeRemoteRequest()` function in `src/serverroutes.ts` accepts attacker-controlled `host`, `port`, `useTLS`, and `selfsignedcert` parameters without validation, allowing arbitrary HTTP/HTTPS requests to internal or external destinations. Additionally, when security is not configured (default), the vulnerable endpoints require no authentication.
Who it affects
All signalk-server installations up to version 2.27.0, especially those with default security settings (no admin user created).
What to do today
Update signalk-server to a patched version if available, or restrict network access to the administrative endpoints and configure authentication.