Context-Inappropriate Capability
Medium
- Confidence: 95%
- Finding: The code automatically fetches any http/https URL found in img src attributes and downloads it server-side before re-uploading to WeChat. This creates an SSRF-style primitive and an unintended outbound request capability that can be abused to probe internal or sensitive network resources if article content is attacker-controlled.
