[MEDIUM] Craft CMS has a host header injection leading to SSRF via resource-js endpoint

PKSA-ntd3-69q5-4cfy GHSA-95wr-3f2v-v2wh

Affected package: craftcms/cms

Affected version: >=4.0.0-RC1,<=4.17.8|>=5.0.0-RC1,<=5.9.14

Reported by:
GitHub