github.com/gogs/gogs is vulnerable to server-side request forgery. The vulnerability exists because the isLocalHostname
function of webhook.go
does not properly validate the IP addresses before redirect, allowing an attacker to gain access to response data by making an HTTP request to untrusted URLs