Open-Apis

Multiple functions in open-apis conduct substring-only matching to validate hostnames, allowing an attacker to perform Server-Side Request Forgery (SSRF) and capture authentication credentials by redirecting requests to an attacker-controlled endpoint.