OX App Suite up to and including 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
open-xchange open-xchange appsuite