b33t1e/gist:43b26c31e895baf7e7aea2dbf9743a9a

## gistfile1.txt
[description]
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request
Forgery (SSRF) via the component /v1/avatars/favicon. This
vulnerability allows attackers to access network resources and
sensitive information via a crafted GET request.
>
------------------------------------------
>
[VulnerabilityType Other]
Server-Side Request Forgery (SSRF)
>
------------------------------------------
>
[Vendor of Product]
https://github.com/appwrite/appwrite
>
------------------------------------------
>
[Affected Product Code Base]
appwrite - <= Version 1.2.1
>
------------------------------------------
>
[Affected Component]
The API endpoints /v1/avatars/favicon is vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the url before Version 1.2.1 (latest Version).
>
------------------------------------------
>
[Attack Type]
Remote
>
------------------------------------------
>
[Impact Escalation of Privileges]
true
>
------------------------------------------
>
[Impact Information Disclosure]
true
>
------------------------------------------
>
[Attack Vectors]
POC: http://localhost/v1/avatars/favicon?url=http://127.0.0.1:4444/ssrf?param=test
Details can be seen: https://notes.sjtu.edu.cn/s/hTa9CIX8p
>
------------------------------------------
>
[Discoverer]
beet1e
>
------------------------------------------
>
[Reference]
http://appwrite.com
https://github.com/appwrite/appwrite
https://notes.sjtu.edu.cn/s/hTa9CIX8p
https://notes.sjtu.edu.cn/gMNlpByZSDiwrl9uZyHTKA
	[description]
	Appwrite up to v1.2.1 was discovered to contain a Server-Side Request
	Forgery (SSRF) via the component /v1/avatars/favicon. This
	vulnerability allows attackers to access network resources and
	sensitive information via a crafted GET request.
	>
	------------------------------------------
	>
	[VulnerabilityType Other]
	Server-Side Request Forgery (SSRF)
	>
	------------------------------------------
	>
	[Vendor of Product]
	https://github.com/appwrite/appwrite
	>
	------------------------------------------
	>
	[Affected Product Code Base]
	appwrite - <= Version 1.2.1
	>
	------------------------------------------
	>
	[Affected Component]
	The API endpoints /v1/avatars/favicon is vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the url before Version 1.2.1 (latest Version).
	>
	------------------------------------------
	>
	[Attack Type]
	Remote
	>
	------------------------------------------
	>
	[Impact Escalation of Privileges]
	true
	>
	------------------------------------------
	>
	[Impact Information Disclosure]
	true
	>
	------------------------------------------
	>
	[Attack Vectors]
	POC: http://localhost/v1/avatars/favicon?url=http://127.0.0.1:4444/ssrf?param=test
	Details can be seen: https://notes.sjtu.edu.cn/s/hTa9CIX8p
	>
	------------------------------------------
	>
	[Discoverer]
	beet1e
	>
	------------------------------------------
	>
	[Reference]
	http://appwrite.com
	https://github.com/appwrite/appwrite
	https://notes.sjtu.edu.cn/s/hTa9CIX8p
	https://notes.sjtu.edu.cn/gMNlpByZSDiwrl9uZyHTKA