What is GHSA-xq32-9g7q-7297?

GHSA-xq32-9g7q-7297 is a security advisory published by GitHub Security Advisories with Medium severity. FlaskBB: SSRF in get_image_info() via unrestricted avatar URL

Which CVE IDs does GHSA-xq32-9g7q-7297 cover?

GHSA-xq32-9g7q-7297 covers the following CVE IDs: CVE-2026-46556. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-xq32-9g7q-7297?

GHSA-xq32-9g7q-7297 has a CVSS v3 base score of 6.5, published by GitHub Security Advisories.

Which products are affected by GHSA-xq32-9g7q-7297?

GHSA-xq32-9g7q-7297 affects 1 product, including: pip/flaskbb:\u003c= 2.2.0.

GHSA-xq32-9g7q-7297MediumCVSS 6.5

FlaskBB: SSRF in get_image_info() via unrestricted avatar URL

Vendor

GitHub Security Advisories

Published

May 21, 2026

Last Modified

May 21, 2026

🔗 CVE IDs covered (1)

CVE-2026-46556 →

📋 Description

###Summary A Server-Side Request Forgery (SSRF) vulnerability in get_image_info() allows any authenticated user to force the server to send HTTP requests to arbitrary internal endpoints, including cloud metadata services (e.g., AWS 169.254.169.254). This is a blind SSRF with confirmed internal port scanning and internal API triggering capabilities. CVSS 6.5 Medium. ###Details In flaskbb/utils/helpers.py (line 571), the url parameter is passed directly to requests.get(url, stream=True) without any validation of scheme, host, or IP address. ``` python# flaskbb/utils/helpers.py:571 def get_image_info(url: str): r = requests.get(url, timeout=(3.05, 27), stream=True) ``` Attack chain: ``` POST /user/settings/user-details (avatar URL) → ValidateAvatarURL.validate() # validators.py:103 → check_image(avatar) # helpers.py:628 → get_image_info(url) # helpers.py:571 → requests.get(url) # No domain/IP restriction Entry points: /user/settings/user-details (any authenticated user) /admin/users/<id>/edit (admin only) ``` ###PoC [submit.zip](https://github.com/user-attachments/files/26301527/submit.zip) Log in to FlaskBB as any user Navigate to Settings → User Details Enter http://169.254.169.254/latest/meta-data/ as the avatar URL Submit the form The server sends a GET request to the internal metadata endpoint Three exploitation channels confirmed: Server-side request: Captured on mock metadata server Internal port scan: check_image() returns distinct errors (CONN_REFUSED, NO_CONTENT_LENGTH, TYPE_NOT_ALLOWED, SUCCESS) that map internal network topology Internal API triggering: Mock APIs on 127.0.0.1:9200 triggered via SSRF (deploy, shutdown, key dump endpoints) ###Impact Any authenticated user is impacted. Attackers can force the server to request internal services, cloud metadata endpoints, or private network resources. On cloud deployments (AWS/GCP/Azure), IAM credentials can be leaked. In production, any GET-triggered internal service is reachable: CI/CD webhooks, Elasticsearch, etcd, Consul, etc.

🎯 Affected products1

pip/flaskbb:<= 2.2.0

🔗 CVE IDs covered (1)

📋 Description

🎯 Affected products1

🔗 References (2)