Key Information

Vulnerability Description
- Vulnerability Type: SSRF (Server-Side Request Forgery)
- Affected API:
- Issue: The API allows unauthorized SSRF attacks due to the absence of the annotation.

Impact
- No Authentication Required: Attackers can access internal networks.
- Example Command:
- Potential Risks: Scanning internal ports, accessing cloud metadata (AWS/Azure), reading local files.

Remediation Recommendation
- Code Modification Location:
- Add Authorization Annotation:

Severity
- Zero Authentication in Production Environment
- Demo mode does not protect production deployments
- Other attachment endpoints are properly authorized; this endpoint was overlooked
- Affects all public PerfreeBlog instances

Status
- Fixed and Closed: Confirmed and closed by perfree on Aug 11.