| Title | lintsinghua DeepAudit v3.0.2 SSRF |
|---|
| Description | The current INTERNAL_IP_RANGES validation logic in backend/app/api/v1/endpoints/config.py and backend/app/api/v1/endpoints/embedding_config.py can be bypassed using IPv6-mapped IPv4 address notation. The check does not properly normalize and validate mixed address formats. |
|---|
| Source | ⚠️ https://github.com/lintsinghua/DeepAudit/issues/144 |
|---|
| User | fushuling (UID 45488) |
|---|
| Submission | 01/28/2026 13:59 (3 months ago) |
|---|
| Moderation | 02/15/2026 10:08 (18 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 346120 [lintsinghua DeepAudit up to 3.0.3 IP Address embedding_config.py server-side request forgery] |
|---|
| Points | 18 |
|---|