[MEDIUM] AVideo has Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass

PKSA-n1mw-ddw6-yyqd CVE-2026-43879 GHSA-wp38-whx3-xffh

Affected package: wwbn/avideo

Affected version: <=29.0

Reported by:
GitHub