Submit #811405: vercel ai @ai-sdk/[email protected] Server-Side Request Forgery (SSRF) (CWE-918)info

Titelvercel ai @ai-sdk/[email protected] Server-Side Request Forgery (SSRF) (CWE-918)
Beschreibung# Technical Details A Blind Server-Side Request Forgery (SSRF) bypass vulnerability exists in the `downloadBlob` method in `packages/provider-utils/src/download-blob.ts` of vercel/ai. The application fails to prevent malicious HTTP redirects from communicating with internal architectures. The `validateDownloadUrl` function enforces SSRF IP blocklists stringently on the primary passed URL, but fails to accommodate the native Node.js `fetch()` mechanism dynamically executing 3xx HTTP redirects back to internal networks before performing post-flight validations. # Vulnerable Code File: packages/provider-utils/src/download-blob.ts Method: downloadBlob Why: An inherent Time-of-Check to Time-of-Use logic error. `fetch()` conducts automatic transparent redirect following, so by the time `if (response.redirected) validateDownloadUrl(response.url)` invokes, the `GET` request has already effectively landed on the private/internal target. # Reproduction 1. Start an attacker-controlled HTTP server configured to return HTTP 302 redirects with a `Location` header to `http://127.0.0.1:9091/admin/delete`. 2. Formulate and submit an image fetch request payload pointing toward the external attacker IP. 3. The SDK logic successfully skips initial constraints, triggering the `fetch()`. The attacker server answers 302, bouncing the Node logic cleanly into executing the internal request path successfully. # Impact - Internal State Alteration: Capable of triggering arbitrary state-changing HTTP GET paths on loopback administrative APIs without authorization. - Disclosure risks toward unpatched AWS Metadata endpoint architectures.
Quelle⚠️ https://gist.github.com/YLChen-007/cf7e47e4dda392f474ca77a66d1d847f
Benutzer
 Eric-f (UID 96873)
Einreichung23.04.2026 14:47 (vor 1 Monat)
Moderieren17.05.2026 11:28 (24 days later)
StatusDuplikat
VulDB Eintrag364393 [vercel ai bis 3.0.97 provider-utils download-blob.ts validateDownloadUrl erweiterte Rechte]
Punkte0

ZurückÜbersichtWeiter

Do you need the next level of professionalism?

Upgrade your account now!