Invision Community fixed an SSRF vulnerability (CVE-2021-40604) found by Mikhail Klyuchnikov! Timeline: 06/23/2021 - The advisory is published 06/24/2021 - Requested CVE via MITRE 06/13/2022 - CVE was assigned The PoC The "gkey" param is an unfollow token. 871 views14:20