← All Labs
SSRF — Image URL Fetcher
AvatarFetcher takes a URL and downloads the image server-side. The fetcher has no allowlist — point it at an internal-only address to read cloud metadata.
AvatarFetcher takes a URL and downloads the image server-side. The fetcher has no allowlist — point it at an internal-only address to read cloud metadata.