Submission #813211: ItzCrazyKns Vane 1.12.1 SSRF via Model Provider baseURL

Title: ItzCrazyKns Vane 1.12.1 SSRF via Model Provider baseURL
Description: The POST /api/providers endpoint allows unauthenticated users to register new model providers with an arbitrary baseURL parameter. Upon registration, the server immediately initiates an HTTP request from the server side to ${baseURL}/api/tags (for Ollama-type providers) or similar endpoints for other provider types, without any validation of the target URL.
Source: https://github.com/ItzCrazyKns/Vane/issues/1124
User: Yu-Bao (UID 96702)
Submitted: 2026. 04. 26. AM 04:00 (1 month ago)
Moderation: 2026. 05. 23. PM 04:01 (28 days later)
Status: Accepted
VulDB entry: 365336 [ItzCrazyKns Vane up to 1.12.1 Model Provider API route.ts baseURL privilege escalation]
Points: 19
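
The description above says the server requests ${baseURL}/api/tags without validating the target. As an added example (not from the submission or from Vane's code), the check below shows one way a server could vet a provider baseURL before fetching it. The names validateBaseURL and isBlockedAddress and the blocklist policy are assumptions, and it covers only the missing URL validation, not the missing authentication.

```javascript
// Added example. Function names and the blocklist policy are assumptions.
const BLOCKED_V4 = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

// Dotted-decimal IPv4 -> integer, or null when the string is not one.
function v4ToInt(ip) {
  const parts = ip.split(".");
  const ok = parts.length === 4 && parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  return ok ? parts.reduce((acc, p) => acc * 256 + Number(p), 0) : null;
}

// True for loopback, private, link-local and unparseable addresses.
function isBlockedAddress(addr) {
  let ip = addr.toLowerCase().replace(/^\[|\]$/g, "");
  const mapped = ip.match(/^::ffff:(.+)$/); // IPv4-mapped IPv6
  if (mapped) {
    const hex = mapped[1].match(/^([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
    const [hi, lo] = hex ? [parseInt(hex[1], 16), parseInt(hex[2], 16)] : [0, 0];
    ip = hex ? [hi >> 8, hi & 255, lo >> 8, lo & 255].join(".") : mapped[1];
  }
  if (ip.includes(":")) {
    return ip === "::1" || ip === "::" || /^fe[89ab][0-9a-f]:/.test(ip) || /^f[cd][0-9a-f]{2}:/.test(ip);
  }
  const n = v4ToInt(ip);
  if (n === null) return true; // fail closed
  return BLOCKED_V4.some(([net, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(n / size) === Math.floor(v4ToInt(net) / size);
  });
}

// Returns null when baseURL may be fetched, otherwise the rejection reason.
// `resolved` holds the DNS answers the caller obtained for a named host; the
// outgoing request must then connect to one of those checked addresses.
function validateBaseURL(raw, resolved = []) {
  let url;
  try { url = new URL(raw); } catch { return "not a URL"; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return "scheme not allowed";
  if (url.username || url.password) return "credentials in URL";
  // URL() has already normalised numeric IPv4 spellings to dotted decimal.
  const host = url.hostname;
  const literal = host.startsWith("[") || v4ToInt(host) !== null;
  const addrs = literal ? [host] : resolved;
  if (addrs.length === 0) return "host not resolved";
  return addrs.some((a) => isBlockedAddress(a)) ? "internal address" : null;
}
```

A deployment that intentionally talks to a provider on its own host or network would need an explicit allowlist entry for that address rather than relaxing the blocklist.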
