Submit #811404: vercel ai @ai-sdk/[email protected] Server-Side Request Forgery (SSRF) (CWE-918)info

Titelvercel ai @ai-sdk/[email protected] Server-Side Request Forgery (SSRF) (CWE-918)
Beschreibung# Technical Details A Blind Server-Side Request Forgery (SSRF) bypass vulnerability exists in the `downloadBlob` method in `packages/provider-utils/src/download-blob.ts` of vercel/ai. The application fails to completely enforce an IP blacklisting mechanism because the native `fetch()` API behaves with `redirect: 'follow'`. Remote attackers can send an image URL linking to a public server they control (like `httpbin.org/redirect-to`), which bypasses the initial public IP static checks but forces `fetch()` to follow HTTP 302 redirects toward otherwise forbidden loopback interfaces (`127.0.0.1`). # Vulnerable Code File: packages/provider-utils/src/download-blob.ts Method: downloadBlob Why: Initial blacklist evaluations successfully parse public target endpoints as benign. However, subsequent native `fetch()` calls will route following HTTP redirects to internal systems. Post-flight URL verification evaluates too late to prevent the network call implementation. # Reproduction 1. Initiate a public URL webserver or rely on an Open Redirect service configured to route responses to `http://127.0.0.1:8080/secret-path`. 2. Find the AI application boundary processing endpoints which accept URLs (for instance, the SDK AI endpoint resolving uploaded images). 3. Post the public proxy URL (`http://httpbin.org/redirect-to?url=http%3A%2F%2F127.0.0.1...`). 4. The destination HTTP GET payload will reach the `127.0.0.1` internal application listener. # Impact - SSRF Traversal: Allows issuing arbitrary GET requests to internal/local components. - Mutating states on unprotected internal microservices, AWS Metadata, and docker daemons.
Quelle⚠️ https://gist.github.com/YLChen-007/07d149bd68adbee58165b4207a2abc71
Benutzer
 Eric-f (UID 96873)
Einreichung23.04.2026 14:47 (vor 1 Monat)
Moderieren17.05.2026 11:28 (24 days later)
StatusAkzeptiert
VulDB Eintrag364393 [vercel ai bis 3.0.97 provider-utils download-blob.ts validateDownloadUrl erweiterte Rechte]
Punkte20

ZurückÜbersichtWeiter

Do you want to use VulDB in your project?

Use the official API to access entries easily!