Tag
high
advisory
Ech0 Unauthenticated Server-Side Request Forgery Vulnerability
2 rules, 1 TTP, 1 IOC
Ech0 is vulnerable to Server-Side Request Forgery (SSRF) through an unauthenticated API endpoint (`/api/website/title`) that fetches website titles from user-controlled URLs without proper validation or TLS verification, allowing attackers to access internal resources and potentially cause denial of service.
ssrf
ech0
web-application
high
advisory
Ech0 Server-Side Request Forgery (SSRF) Vulnerability
2 rules, 1 TTP, 2 IOCs
Ech0 is vulnerable to Server-Side Request Forgery (SSRF) via the `fetchPeerConnectInfo` function, which uses `httpUtil.SendRequest` without SSRF protection, allowing authenticated users to make the server request arbitrary URLs, including internal/cloud metadata endpoints.
ech0
ssrf
github