Blind SSRF in umputun/remark42 <= 1.12.1
[Suggested description]
An issue was found in umputun/remark42 <= 1.12.1. Malicious JSON in a POST request to /api/v1/comment?site=<SITE_ID> leads to Blind SSRF due to a missing title field and insufficient filtering of the url field in the comment creation request.
[Vendor of Product] https://github.com/umputun
[Reference] https://jet.su/vuln
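
The following is an added example, not remark42's code or its fix: one way to guard a server-side fetch driven by the url field, assuming the server retrieves that page itself when title is absent. The names checkURL, blockedIP and safeClient are hypothetical, and the sample URLs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"syscall"
	"time"
)

var errBlocked = errors.New("fetch target not allowed")

// blockedIP reports whether ip must never be reached by a server-side fetch.
func blockedIP(ip net.IP) bool {
	return ip == nil || ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsMulticast()
}

// checkURL is the cheap pre-check on the client-supplied url field.
func checkURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.User != nil || u.Hostname() == "" {
		return errBlocked
	}
	if ip := net.ParseIP(u.Hostname()); ip != nil && blockedIP(ip) {
		return errBlocked
	}
	return nil
}

// safeClient checks the address actually dialed, so a name that resolves to an
// internal address, or a redirect to one, is refused even if checkURL passed.
func safeClient() *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second,
		Control: func(_, addr string, _ syscall.RawConn) error {
			host, _, err := net.SplitHostPort(addr)
			if err != nil || blockedIP(net.ParseIP(host)) {
				return errBlocked
			}
			return nil
		}}
	return &http.Client{Timeout: 10 * time.Second, Transport: &http.Transport{DialContext: d.DialContext}}
}

func main() {
	for _, raw := range []string{"https://example.com/post/1", "http://127.0.0.1:8080/", "http://169.254.169.254/"} {
		fmt.Printf("%-28s %v\n", raw, checkURL(raw)) // constructed sample values
	}
}
```

The dial-time check is the one that matters; the string check only rejects obviously bad input early. Building the Transport explicitly also leaves its Proxy field unset, so the check sees the real destination address rather than a proxy's.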