Tag

Metascraper

1 brief RSS

Karakeep SDK SSRF via metascraper-logo-favicon

Karakeep SDK is vulnerable to SSRF via the `metascraper-logo-favicon` plugin, which bypasses intended SSRF protections by making HTTP requests to URLs extracted from attacker-controlled HTML `<link rel="icon">` tags, allowing authenticated users to trigger server-side requests to arbitrary internal URLs.

@karakeep/sdk +1 ssrf karakeep metascraper web-application

2r 2t 1i 2h ago