Heads-up (php · paymenter/paymenter)
paymenter/paymenter: PayPal webhook endpoint vulnerable to SSRF via unvalidated PAYPAL-CERT-URL header
What changed
The PayPal webhook endpoint `/extensions/paypal/webhook` reads the `PAYPAL-CERT-URL` HTTP header, which PayPal's webhook signature verification uses to locate the signing certificate, and fetches whatever URL it contains without validating it first. Because the header is supplied by whoever sends the request, an attacker can choose the destination of that server-side HTTP request (SSRF): any host, port and scheme reachable from the application server, including internal services that are not exposed publicly.
Who it affects
All installations of paymenter/paymenter that have the PayPal extension enabled and therefore expose the `/extensions/paypal/webhook` endpoint.
What to do today
Update to the latest patched version. If you cannot update yet, validate the `PAYPAL-CERT-URL` header before any outbound request is made: require `https`, accept only an exact-match allowlist of PayPal certificate hosts (not a suffix match), reject URLs carrying userinfo, a custom port, a query or a fragment, and do not follow redirects when fetching the certificate. Restricting the application server's egress to the hosts it legitimately needs limits the blast radius whether or not the check is in place.
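The check described above, written out as an added example; this is not paymenter's code and not the upstream patch. `fetchCertUnsafe` reproduces the pre-fix pattern the advisory describes (the client-supplied URL becomes the request target); `PayPalCertUrl` is one way to allowlist the header before a request is made. The allowed hosts `api.paypal.com` and `api.sandbox.paypal.com` and the path prefix `/v1/notifications/certs/` are assumptions taken from PayPal's published certificate URLs and should be confirmed against PayPal's current documentation; all function and class names are hypothetical, and the sample inputs at the bottom are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not code from paymenter. ASSUMPTIONS: allowed hosts and path
// prefix come from PayPal's published certificate URLs (verify against PayPal
// docs); names are hypothetical. Requires PHP >= 8.0 with ext-curl.

/** Pre-fix shape: the client-supplied URL is used as the request target (SSRF). */
function fetchCertUnsafe(array $headers): string|false
{
    $url = $headers['PAYPAL-CERT-URL'] ?? '';
    return @file_get_contents($url); // scheme, host and port all attacker-chosen
}

final class PayPalCertUrl
{
    /** Exact hosts only; a suffix match would let api.paypal.com.evil.test through. */
    private const ALLOWED_HOSTS = ['api.paypal.com', 'api.sandbox.paypal.com'];
    private const PATH_PREFIX   = '/v1/notifications/certs/';

    /** Returns a normalised URL that is safe to fetch, or null if the header must be rejected. */
    public static function validate(?string $raw): ?string
    {
        if ($raw === null || $raw === '' || strlen($raw) > 512) {
            return null;
        }
        $p = parse_url($raw);
        if ($p === false || !isset($p['scheme'], $p['host'], $p['path'])) {
            return null; // e.g. file:///etc/passwd has no host
        }
        // Anything beyond scheme+host+path is a sign of trickery:
        // "https://api.paypal.com@evil.test/" parses with user=api.paypal.com.
        foreach (['user', 'pass', 'port', 'query', 'fragment'] as $forbidden) {
            if (isset($p[$forbidden])) {
                return null;
            }
        }
        if (strtolower($p['scheme']) !== 'https') {
            return null;
        }
        $host = strtolower($p['host']);
        if (!in_array($host, self::ALLOWED_HOSTS, true)) {
            return null;
        }
        // Path must be exactly <prefix><cert-id>: one segment, no "..", no extra slashes.
        if (!str_starts_with($p['path'], self::PATH_PREFIX)) {
            return null;
        }
        $certId = substr($p['path'], strlen(self::PATH_PREFIX));
        if (!preg_match('/^[A-Za-z0-9-]+$/', $certId)) {
            return null;
        }
        return 'https://' . $host . self::PATH_PREFIX . $certId;
    }

    /** Fetches the certificate only after validation and never follows redirects. */
    public static function fetch(?string $raw): ?string
    {
        $url = self::validate($raw);
        if ($url === null) {
            return null;
        }
        $ch = curl_init($url);
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_FOLLOWLOCATION => false,           // a 302 to an internal host is still SSRF
            CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // no downgrade to http/file/gopher
            CURLOPT_SSL_VERIFYPEER => true,
            CURLOPT_SSL_VERIFYHOST => 2,
            CURLOPT_TIMEOUT        => 10,
        ]);
        $body = curl_exec($ch);
        $code = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
        curl_close($ch);
        return ($body !== false && $code === 200) ? $body : null;
    }
}

// Constructed inputs (no request is made here); only the first two should pass.
$samples = [
    'https://api.paypal.com/v1/notifications/certs/CERT-example',
    'https://API.SANDBOX.PAYPAL.COM/v1/notifications/certs/CERT-example',
    'http://api.paypal.com/v1/notifications/certs/CERT-example',           // plaintext
    'https://api.paypal.com@169.254.169.254/latest/meta-data/',            // userinfo trick
    'https://api.paypal.com.evil.test/v1/notifications/certs/CERT-example', // suffix trick
    'https://api.paypal.com:8443/v1/notifications/certs/CERT-example',     // custom port
    'https://api.paypal.com/v1/notifications/certs/../../admin',           // traversal
    'file:///etc/passwd',
];
foreach ($samples as $s) {
    printf("%-72s %s\n", $s, PayPalCertUrl::validate($s) === null ? 'REJECT' : 'ok');
}
```

The validator runs before `curl_init` is ever called, so a rejected header never produces an outbound connection; `CURLOPT_FOLLOWLOCATION => false` matters because an allowlisted host that redirects (or an attacker-controlled open redirect on a lookalike that slipped past a weaker check) would otherwise turn the request back into an SSRF.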