strapi is a HTTP layer sits on top of Koa.
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF).
admin/src/containers/InputModalStepperProvider/index.js has a
/proxy?url= functionality which could be abused to route to internal IPs and access private IPs available to the server.
strapi to version 3.2.5 or higher.