Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
server-side request forgery (SSRF) vulnerability in OpenID sign in #4973
Another SSRF issue ( the others reported on Gogs repository ).
Payload as OpenID URI:
It's less severe than the one in the webhooks because in the case of a web server it doesn't show the full HTTP response body and headers, just that the openid2.provider isn't found.