references/plane
1
0
Fork 0
mirror of https://github.com/makeplane/plane.git synced 2026-06-14 03:30:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

[SECUR-116] fix: ssrf webhook url for ip address #8716

Browse Source
This commit is contained in:
sriram veeraghanta
2026-03-05 17:26:06 +05:30
committed by GitHub
parent cc7982ca14
commit 71b0d30afb
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/api/plane/app/serializers/webhook.py
+2 -2
View File
@@ -38,7 +38,7 @@ class WebhookSerializer(DynamicBaseSerializer):
for addr in ip_addresses:
ip = ipaddress.ip_address(addr[4][0])
if ip.is_loopback:
if ip.is_private or ip.is_loopback or ip.is_reserved or ip.is_link_local:
raise serializers.ValidationError({"url": "URL resolves to a blocked IP address."})
# Additional validation for multiple request domains and their subdomains
@@ -73,7 +73,7 @@ class WebhookSerializer(DynamicBaseSerializer):
for addr in ip_addresses:
ip = ipaddress.ip_address(addr[4][0])
if ip.is_loopback:
if ip.is_private or ip.is_loopback or ip.is_reserved or ip.is_link_local:
raise serializers.ValidationError({"url": "URL resolves to a blocked IP address."})
# Additional validation for multiple request domains and their subdomains