| 제목 | vercel ai @ai-sdk/[email protected] Server-Side Request Forgery (SSRF) (CWE-918) |
|---|
| 설명 | # Technical Details
A Blind Server-Side Request Forgery (SSRF) bypass vulnerability exists in the `downloadBlob` method in `packages/provider-utils/src/download-blob.ts` of vercel/ai.
The application fails to completely enforce an IP blacklisting mechanism because the native `fetch()` API behaves with `redirect: 'follow'`. Remote attackers can send an image URL linking to a public server they control (like `httpbin.org/redirect-to`), which bypasses the initial public IP static checks but forces `fetch()` to follow HTTP 302 redirects toward otherwise forbidden loopback interfaces (`127.0.0.1`).
# Vulnerable Code
File: packages/provider-utils/src/download-blob.ts
Method: downloadBlob
Why: Initial blacklist evaluations successfully parse public target endpoints as benign. However, subsequent native `fetch()` calls will route following HTTP redirects to internal systems. Post-flight URL verification evaluates too late to prevent the network call implementation.
# Reproduction
1. Initiate a public URL webserver or rely on an Open Redirect service configured to route responses to `http://127.0.0.1:8080/secret-path`.
2. Find the AI application boundary processing endpoints which accept URLs (for instance, the SDK AI endpoint resolving uploaded images).
3. Post the public proxy URL (`http://httpbin.org/redirect-to?url=http%3A%2F%2F127.0.0.1...`).
4. The destination HTTP GET payload will reach the `127.0.0.1` internal application listener.
# Impact
- SSRF Traversal: Allows issuing arbitrary GET requests to internal/local components.
- Mutating states on unprotected internal microservices, AWS Metadata, and docker daemons. |
|---|
| 원천 | ⚠️ https://gist.github.com/YLChen-007/07d149bd68adbee58165b4207a2abc71 |
|---|
| 사용자 | Eric-f (UID 96873) |
|---|
| 제출 | 2026. 04. 23. PM 02:47 (1 월 ago) |
|---|
| 모더레이션 | 2026. 05. 17. AM 11:28 (24 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 364393 [vercel ai 까지 3.0.97 provider-utils download-blob.ts validateDownloadUrl 권한 상승] |
|---|
| 포인트들 | 20 |
|---|