Upgrade @karakeep/sdk to version 0.32.0 or higher.
@karakeep/sdk is a TypeScript SDK for Karakeep.
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the metascraper-logo-favicon process. An attacker can cause the server to make unauthorized HTTP requests to internal or sensitive network resources by submitting crafted HTML containing malicious <link rel="icon"> tags. This can result in exposure of cloud metadata, internal service discovery, or leakage of sensitive data through redirects.
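A defensive check of the kind that closes this class of bug, shown as an added example (it is not Karakeep's or metascraper's code, and the function names, sample hosts and injected `resolve` lookup are assumptions): every URL taken from a `<link rel="icon">` tag, and every redirect hop after it, is validated before the server fetches it.

```javascript
// Added example; helper names are hypothetical, not Karakeep or metascraper code.
const BLOCKED_V4 = [ // [network, prefix length]
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], // link-local, includes the 169.254.169.254 metadata address
  ['172.16.0.0', 12], ['192.168.0.0', 16],
];
// Constructed lookup table standing in for DNS so the example runs offline.
const SAMPLE_DNS = new Map([['cdn.example.com', ['93.184.216.34']], ['wiki.example.com', ['10.0.0.5']]]);
const sampleResolve = (host) => SAMPLE_DNS.get(host) || [];

function v4ToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function isBlockedV4(ip) {
  const n = v4ToInt(ip);
  if (n === null) return true; // anything that is not plain IPv4 fails closed
  return BLOCKED_V4.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((v4ToInt(net) & mask) >>> 0);
  });
}

// Decide whether an href taken from <link rel="icon"> may be fetched.
function checkIconUrl(href, baseUrl, resolve) {
  let url;
  try { url = new URL(href, baseUrl); } catch { return { ok: false, reason: 'unparseable' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  const host = url.hostname; // WHATWG parsing already normalises forms like 2130706433
  if (host.startsWith('[')) return { ok: false, reason: 'ipv6-literal' }; // conservative
  const addrs = v4ToInt(host) !== null ? [host] : resolve(host);
  if (addrs.length === 0 || addrs.some(isBlockedV4)) return { ok: false, reason: 'blocked-address' };
  return { ok: true, url: url.href };
}

// Re-run the check on every redirect hop (fetch with redirect: 'manual'),
// resolving each Location against the URL that returned it.
function checkHops(hops, pageUrl, resolve) {
  let base = pageUrl;
  for (const hop of hops) {
    const verdict = checkIconUrl(hop, base, resolve);
    if (!verdict.ok) return verdict;
    base = verdict.url;
  }
  return { ok: true, url: base };
}
```

A check like this only holds if the HTTP client then connects to the same address that was validated; resolving the name a second time at fetch time reopens the gap.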