API Security Blog

Lichess: Server-Side Request Forgery (SSRF) via Game Export API

The Lichess game export API was found to be vulnerable to Server-Side Request Forgery (SSRF) due to insufficient input validation of the "players" parameter. This allowed an attacker to make the Lichess server send arbitrary HTTP requests to external URLs, potentially exposing sensitive…
