| Titel | Dataease SQLbot <= v1.6.0 Server-Side Request Forgery |
|---|
| Beschreibung | ### Vulnerability Description
[SQLBot](https://github.com/dataease/SQLBot) is an intelligent data query system based on large language models and RAG, meticulously crafted by the DataEase open-source project team. With SQLBot, users can perform conversational data analysis (ChatBI), quickly extracting the necessary data information and visualizations, and supporting further intelligent analysis.
In `backend/apps/db/es_engine.py`, the Elasticsearch query function directly uses user-provided `host` parameter to make HTTP requests without validating the target address, leading to Server-Side Request Forgery (SSRF). Attackers can use this to scan internal networks, access cloud metadata services, and exploit internal services.
### Affected Versions
SQLBot ≤ 1.6.0 |
|---|
| Quelle | ⚠️ https://www.notion.so/SQLbot-SSRF-in-Elasticsearch-Unvalidated-Requests-2afea92a3c4180bea524f1a253f8d9a0 |
|---|
| Benutzer | din4 (UID 50867) |
|---|
| Einreichung | 11.02.2026 04:44 (vor 2 Monaten) |
|---|
| Moderieren | 02.04.2026 13:02 (2 months later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 354854 [Dataease SQLbot bis 1.6.0 Elasticsearch es_engine.py get_es_data_by_http address erweiterte Rechte] |
|---|
| Punkte | 17 |
|---|