| Field | Value |
|---|---|
| Title | BidingCC BuildingAI 26.0.1 Server-Side Request Forgery |
| Description | The remote upload API accepts attacker-controlled URL input and performs a server-side HTTP fetch without destination restrictions. The route is explicitly annotated `@Public()`, and URL validation is limited to syntactic format (`IsUrl`) rather than network policy checks. An unauthenticated attacker can coerce the backend to request internal network services or cloud metadata endpoints. |
| Source | https://github.com/BidingCC/BuildingAI/issues/110 |
| User | MidA (UID 96794) |
| Submission | 07/04/2026 10:51 (21 days ago) |
| Moderated | 26/04/2026 09:13 (19 days later) |
| Status | Accepted |
| VulDB Entry | 359640 [BidingCC BuildingAI up to 26.0.1 Remote Upload API file-storage.service.ts uploadRemoteFile url privilege escalation] |
| Points | 20 |