Lokka Azure Resource Manager URL Path Validation Issue: Critical SSRF Vulnerability
A critical Server-Side Request Forgery (SSRF) vulnerability was discovered in Lokka versions prior to 2.1.2. The issue allows an attacker to craft a malicious URL that alters how the Azure Resource Manager bearer token is transmitted, potentially leading to unauthorized access. The vulnerability has a CVSS score of 8.7 and is classified as CWE-918. Immediate patching to version 2.1.2 or later is strongly recommended.
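One way to enforce the kind of URL path validation this advisory concerns, as an added example that is not Lokka's code or its 2.1.2 fix: resolve the caller-supplied path against the Azure Resource Manager origin and attach the bearer token only if the parsed result is still on that origin. The function names and sample paths are assumptions constructed for illustration; `https://management.azure.com` is the public-cloud ARM endpoint.

```javascript
// Added illustration; not Lokka's code or its 2.1.2 fix.
// ARM_ORIGIN is the public-cloud ARM endpoint; function names are hypothetical.
const ARM_ORIGIN = "https://management.azure.com";

// Resolve a caller-supplied path and refuse anything that could move the
// request (and the bearer token) off the ARM origin.
function buildArmUrl(path) {
  // Must be a rooted path: rejects absolute URLs, "@host" and "//host" forms.
  if (typeof path !== "string" || !path.startsWith("/") || path.startsWith("//")) {
    throw new Error("path must start with exactly one '/'");
  }
  // The WHATWG parser treats "\" as "/" and silently drops tab/CR/LF,
  // so "/\host" or "/<TAB>/host" would otherwise resolve to another host.
  if (/[\\\s\x00-\x1f\x7f]/.test(path)) {
    throw new Error("path contains backslash, whitespace or control characters");
  }
  const url = new URL(path, ARM_ORIGIN);
  // Final check on the parsed result, not on the input string.
  if (url.origin !== ARM_ORIGIN || url.username !== "" || url.password !== "") {
    throw new Error("resolved URL leaves the ARM origin");
  }
  return url;
}

// Attach the token only after the destination has been validated.
function armRequest(path, token) {
  const url = buildArmUrl(path);
  return { url: url.href, headers: { Authorization: `Bearer ${token}` } };
}

// Constructed sample inputs (placeholder subscription id, .example hosts).
const SAMPLES = [
  "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups?api-version=2021-04-01",
  "//other.example/subscriptions",
  "/\\other.example/subscriptions",
  "/\t/other.example/subscriptions",
  "@other.example/subscriptions",
  "https://other.example/subscriptions",
];

function classify(paths) {
  return paths.map((p) => {
    try { buildArmUrl(p); return "allow"; } catch { return "reject"; }
  });
}

console.log(classify(SAMPLES));
```

Sovereign or national cloud deployments use a different ARM endpoint, so `ARM_ORIGIN` would come from trusted configuration there, never from request input.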