Appwrite through 1.2.1 is susceptible to server-side request forgery via the component /v1/avatars/favicon. An attacker can potentially access network resources and sensitive information via a crafted GET request, thereby also making it possible to modify data and/or execute unauthorized administrative operations in the context of the affected site.
View the template here CVE-2023-27159.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-27159