About Canvas Security Updates
Security updates are posted here.
mspencer_inst
Instructure
Instructure

An unauthenticated blind SSRF (Server Side Request Forgery) vulnerability was identified and disclosed by a Tenable Security researcher. The vulnerability is due to not requiring LTI tools to sign requests to the server, allowing crafted API calls from end users to query arbitrary hosts. Host responses are not returned to the client.

Read more...

more
2 0 2,532