Appwrite Blind SSRF

A researcher at Tenable discovered an unauthenticated Server-Side Request Forgery (SSRF) vulnerability via the '/v1/avatars/favicon' endpoint as a result of a bypass of an incomplete fix for CVE-2023-27159.

appwrite bypass cve endpoint favicon fix forgery request researcher result server server-side request forgery ssrf tenable unauthenticated vulnerability