Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.
[
{
"product": "Instructure Canvas Learning Management System (LMS)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Canvas LMS 2020-07-29"
}
]
}
]