It was discovered that the uv_getaddrinfo() function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks.
https://security-tracker.debian.org/tracker/DSA-5638-1
Continue reading...
https://security-tracker.debian.org/tracker/DSA-5638-1
Continue reading...