Server Side Request Forgery
Low
Lark Technologies
Team Summary
Official summary from Lark Technologies
It was found that one Lark endpoint was susceptible to a Server-Side Request Forgery (SSRF) vulnerability using the parameter "URL" which could have potentially been used by an attacker to conduct host/port scanning on the internal network. We thank @jin0ne for reporting this to our team and confirming the resolution.
Reported by: jin0ne
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Server-Side Request Forgery (SSRF)