Server Side Request Forgery

Permalink
It appears that the search function in 5.7.x is open to SSRF as a proxy. Anyone else run into this and found a mitigation?