No error from api. Backend allow add any links to profile
With link from iplogger (as example) we can get information about users who click on this link in our profile (like IP, Provider, geolocation, header info, info about os and device)
Expected result
White or blacklist links, don't allow users add any links. Or add gateway, when you click on link, to filter bad links on service.
Bug Type
Security
Reproduction steps
Actual result
No error from api. Backend allow add any links to profile With link from iplogger (as example) we can get information about users who click on this link in our profile (like IP, Provider, geolocation, header info, info about os and device)
Expected result
White or blacklist links, don't allow users add any links. Or add gateway, when you click on link, to filter bad links on service.
Suggested Severity
Critical
Device
OS: macOS Browser chrome Version 105
Additional Context
As example profile with link - https://getgems.io/user/EQAyydOEBX_MQd-xyrDg9Aoxan7uS5eVS75XXxSoU6sAaH7B