From 6e853675d491da82af8501b27244c9f8b3b5d2a0 Mon Sep 17 00:00:00 2001
From: orbisai0security <mediratta01.pally@gmail.com>
Date: Tue, 5 May 2026 08:08:52 +0000
Subject: [PATCH] fix: V-003 security vulnerability

Automated security fix generated by Orbis Security AI
---
 apps/api/plane/bgtasks/webhook_task.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/apps/api/plane/bgtasks/webhook_task.py b/apps/api/plane/bgtasks/webhook_task.py
index 89d98757679..96019d69974 100644
--- a/apps/api/plane/bgtasks/webhook_task.py
+++ b/apps/api/plane/bgtasks/webhook_task.py
@@ -345,6 +345,10 @@ def webhook_send_task(
             event_type=event,
         )
         logger.info(f"Webhook {webhook.id} sent successfully")
+    except ValueError as e:
+        # URL failed SSRF/IP-range validation — do not send or retry
+        logger.error(f"Webhook {webhook.id} blocked: URL validation failed: {e}")
+        return
     except requests.RequestException as e:
         # Log the failed webhook request
         save_webhook_log(