once-campfire

mirror of https://github.com/basecamp/once-campfire.git synced 2026-02-21 04:00:34 +09:00

Files

Jeremy Daer e983e3f79f Block IPv6 SSRF bypass via ipv4_compat addresses (#153 )

Adds ipv4_mapped? and ipv4_compat? checks to PrivateNetworkGuard.private_ip?
to block SSRF bypass attempts using IPv6 address formats like:
- ::ffff:169.254.169.254 (IPv4-mapped)
- ::169.254.169.254 (IPv4-compatible)

These formats could previously bypass the link_local? check since Ruby
treats them as IPv6 addresses, not IPv4.

Ref: HackerOne #3481701

2025-12-31 13:01:43 -08:00

assets

Hello world

2025-08-21 09:31:59 +01:00

rails_ext

Try to decode SGIDs in multiple ways

2025-12-15 17:00:50 +01:00

restricted_http

Block IPv6 SSRF bypass via ipv4_compat addresses (#153 )

2025-12-31 13:01:43 -08:00

tasks

Upgrade to Rails 8 and Ruby 3.4.5 (#1 )

2025-09-02 17:02:41 +02:00

web_push

Hello world

2025-08-21 09:31:59 +01:00