This video explains the vulnerability found by mclaren650sspider and reported to GitLab on HackerOne. It was an SSRF achieved through DNS rebinding. The researcher exploited the way the company had fixed DNS rebinding the first time. The report was rewarded with $3,500.
00:27 the original vulnerability
01:24 the previous fix
02:02 the bypass
02:57 the fix