Garlic Hub
Monthly
Server-side request forgery in Garlic-Hub digital signage manager prior to version 1.1 allows authenticated users to coerce the server into issuing arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. Responses are stored in the publicly accessible media pool, enabling internal port scanning, service fingerprinting, and exfiltration of internal HTTP responses. No public exploit identified at time of analysis, but the upstream commit (076b6d7) and GHSA-x24v-76hr-989r advisory disclose the patched validator logic.
Server-side request forgery in Garlic-Hub digital signage manager prior to version 1.1 allows authenticated users to coerce the server into issuing arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. Responses are stored in the publicly accessible media pool, enabling internal port scanning, service fingerprinting, and exfiltration of internal HTTP responses. No public exploit identified at time of analysis, but the upstream commit (076b6d7) and GHSA-x24v-76hr-989r advisory disclose the patched validator logic.