php · statamic/cmsHeads-up
statamic/cms: Glide image proxy SSRF via DNS rebinding
The Glide image proxy's URL validation could be bypassed using DNS rebinding, allowing server-side request forgery to internal addresses.
What changed
The Glide image proxy's URL validation could be bypassed using DNS rebinding, allowing server-side request forgery to internal addresses.
Who it affects
Sites that pass user-supplied URLs to Glide.
What to do today
Upgrade to version 5.73.24 or 6.20.1 to fix the vulnerability.
The trail
Collected→
Audited→
Written→
Published