You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
egelhaus
published
GHSA-48c8-25jq-m55fJul 11, 2025
Package
postiz-app
Affected versions
>= 1.45.1 < 1.62.3
Patched versions
1.62.3
Description
A vulnerability has been identified in the Postiz frontend application that allows an attacker to inject arbitrary HTTP headers into the middleware pipeline. This flaw enables a server-side request forgery (SSRF) condition, which can be exploited to initiate unauthorized outbound requests from the server hosting the Postiz application.
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Learn more on MITRE.
prdngr Reporter
A vulnerability has been identified in the Postiz frontend application that allows an attacker to inject arbitrary HTTP headers into the middleware pipeline. This flaw enables a server-side request forgery (SSRF) condition, which can be exploited to initiate unauthorized outbound requests from the server hosting the Postiz application.