openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method.Referenceshttps://marc.info/?l=openid-security&m=155477050605610&w=2
