Submit #644953: simstudioai https://github.com/simstudioai/sim <=1.0.0 SSRFinfo

Titlesimstudioai https://github.com/simstudioai/sim <=1.0.0 SSRF
DescriptionIn the file parse functionality (/api/files/parse), the target URL is user-controllable and lacks sufficient security handling, thus allowing attackers to exploit SSRF vulnerabilities to access internal hosts and services.
Source⚠️ https://github.com/simstudioai/sim/issues/960
User
 ZAST.AI (UID 87884)
Submission08/31/2025 15:21 (9 months ago)
Moderation09/08/2025 11:54 (8 days later)
StatusAccepted
VulDB entry323057 [SimStudioAI sim up to 1.0.0 route.ts filePath server-side request forgery]
Points16

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!