जमा करें #813211: ItzCrazyKns Vane 1.12.1 SSRF via Model Provider baseURLजानकारी

शीर्षक	ItzCrazyKns Vane 1.12.1 SSRF via Model Provider baseURL
विवरण	The POST /api/providers endpoint allows unauthenticated users to register new model providers with an arbitrary baseURL parameter. Upon registration, the server immediately initiates an HTTP request from the server side to ${baseURL}/api/tags (for Ollama-type providers) or similar endpoints for other provider types, without any validation of the target URL.
स्रोत	⚠️ https://github.com/ItzCrazyKns/Vane/issues/1124
उपयोगकर्ता	Yu-Bao (UID 96702)
सबमिशन	26/04/2026 04:00 AM (1 महीना पहले)
संयम	23/05/2026 04:01 PM (28 days later)
स्थिति	स्वीकृत
VulDB प्रविष्टि	365336 [ItzCrazyKns Vane तक 1.12.1 Model Provider API route.ts baseURL अधिकार वृद्धि]
अंक	19

Want to know what is going to be exploited?

We predict KEV entries!