New techniques for accessing cloud instance metadata through SSRF in modern frameworks.
Cloud providers have introduced IMDSv2 and similar protections against SSRF-based metadata theft. We document three new bypass techniques that work against common web frameworks when IMDSv2 is improperly configured. Our findings affect applications running on AWS, GCP, and Azure, and we provide detection signatures for each technique.