mirror of
https://github.com/HKUDS/nanobot.git
synced 2026-06-13 22:34:06 +00:00
13dec9d2c2
::ffff:127.0.0.1 and ::ffff:169.254.169.254 are IPv6Address objects that match neither the IPv4 blocklists (127.0.0.0/8, 169.254.0.0/16) nor the IPv6 ones (::1/128), allowing SSRF bypass via DNS responses that return IPv6-mapped IPv4 addresses. Add _normalize_addr() to convert ipv4_mapped IPv6 addresses to their IPv4 form before blocklist/allowlist matching.