js · budibase
Heads-up
Budibase executeQuery SSRF via automation step queryId
What changed
The executeQuery automation step accepts a queryId from inputs and passes it to the query execution controller without validation, enabling SSRF when combined with a REST datasource targeting internal infrastructure.
Who it affects
Budibase applications where builder-level access is granted to partially trusted users and network-level controls do not restrict outbound HTTP from the Budibase server process.
What to do today
Review builder access permissions and ensure network-level controls restrict outbound HTTP from the Budibase server to internal endpoints.