by cantalopes
263 days ago
Imagine your app uses that Image tag to process an image for some specific resolution/quality - just any processing done on your server for any image resource loaded via this tag. Not sure how exactly it works, never used the framework, but I assume that when the frontend app detects this image tag it makes a server call to process it and return an optimized version. Now, if someone were to insert such a tag onto the frontend of your app and put in the source of their own image, your server would do the processing of their image. I have absolutely no idea in what universe this would be a practical attack benefiting anyone at all.

Edit: oh, I see the comment by samtheprogram. I would think that the framework would use some form of CSRF, this is a really weird implementation.