The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints.
https://bugzilla.redhat.com/show_bug.cgi?id=1478792