Submit #768044: Bytedesk <=1.3.9 SSRF

Title: Bytedesk <=1.3.9 SSRF
Description: The endpoint GET /gitee/api/v1/models passes a user-supplied apiUrl parameter directly to RestTemplate.exchange() without any URL validation or allowlist. The server issues an HTTP request to the attacker-controlled URL. DNS callback logs confirm the server-side request originating from the target, enabling SSRF attacks including internal network probing, cloud IMDS access, and potential credential exfiltration.
Source: https://github.com/Bytedesk/bytedesk/issues/21
User: ZAST.AI (UID 87884)
Submission: 02/26/2026 07:19 (1 month ago)
Moderation: 03/08/2026 08:20 (10 days later)
Status: Accepted
VulDB entry: 349756 [Bytedesk up to 1.3.9 SpringAIGiteeRestController SpringAIGiteeRestService.java getModels apiUrl server-side request forgery]
Points: 19
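The root cause described above is a caller-controlled URL reaching RestTemplate.exchange() unchecked. The following is an added example of the kind of validation that closes that gap; it is not Bytedesk's code and not the fix the project shipped. The allowlisted host `models.upstream.example`, the class name `ApiUrlAllowlist`, and the sample inputs are all constructed for this illustration. The returned `URI` is what a hardened `getModels` would hand to `RestTemplate.exchange()`; every other input is rejected before any request leaves the server.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

/**
 * Hypothetical hardened helper (added example, not Bytedesk's code): checks a
 * caller-supplied apiUrl against a fixed host allowlist before any server-side
 * request is made. Only the returned URI should ever reach RestTemplate.exchange().
 */
public final class ApiUrlAllowlist {

    // Constructed allowlist. In practice the upstream host(s) are operator
    // configuration, never something taken from the request itself.
    private static final Set<String> ALLOWED_HOSTS = Set.of("models.upstream.example");

    private ApiUrlAllowlist() {}

    /** Returns a validated, normalized URI or throws IllegalArgumentException. */
    public static URI validate(String apiUrl) {
        if (apiUrl == null || apiUrl.isBlank()) {
            throw new IllegalArgumentException("apiUrl is required");
        }
        final URI uri;
        try {
            uri = new URI(apiUrl.trim()).normalize();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("apiUrl is not a valid URI", e);
        }
        // Scheme pinning rejects http, file:, and any other non-https scheme.
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("apiUrl must use https");
        }
        // getHost() is null for opaque or malformed authorities. Userinfo
        // (https://trusted@other/) is a classic way to fool prefix-based checks,
        // so it is rejected outright rather than parsed around.
        String host = uri.getHost();
        if (host == null || uri.getUserInfo() != null) {
            throw new IllegalArgumentException("apiUrl must have a plain host");
        }
        if (!ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("apiUrl host not allowlisted: " + host);
        }
        // Pin the port as well, so the allowlisted host cannot be used to reach
        // other services listening on it.
        int port = uri.getPort();
        if (port != -1 && port != 443) {
            throw new IllegalArgumentException("apiUrl port not allowed: " + port);
        }
        return uri;
    }

    /** Convenience for callers that prefer a boolean to an exception. */
    public static boolean isAllowed(String apiUrl) {
        try {
            validate(apiUrl);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: only the first should pass.
        String[] samples = {
            "https://models.upstream.example/api/v1/models",
            "http://models.upstream.example/api/v1/models",       // wrong scheme
            "https://169.254.169.254/latest/meta-data/",          // cloud metadata address
            "https://10.0.0.5:8080/internal",                      // constructed internal host
            "https://models.upstream.example@attacker.example/",  // userinfo trick
            "https://models.upstream.example:8443/admin",         // wrong port
        };
        for (String s : samples) {
            System.out.println((isAllowed(s) ? "ALLOW  " : "REJECT ") + s);
        }
    }
}
```

Two caveats worth keeping in mind when applying this pattern: an allowlist on the URL string says nothing about where an HTTP redirect from the allowlisted host may lead, so the HTTP client should either not follow redirects or re-validate the redirect target; and a hostname check is not an address check, so environments where DNS answers cannot be trusted should additionally restrict the resolved addresses (for example, by rejecting link-local and private ranges) at connection time.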
