| 标题 | vercel ai @ai-sdk/[email protected] Server-Side Request Forgery (SSRF) (CWE-918) |
|---|
| 描述 | # Technical Details
A Blind Server-Side Request Forgery (SSRF) bypass vulnerability exists in the `downloadBlob` method in `packages/provider-utils/src/download-blob.ts` of vercel/ai.
The application fails to prevent malicious HTTP redirects from communicating with internal architectures. The `validateDownloadUrl` function enforces SSRF IP blocklists stringently on the primary passed URL, but fails to accommodate the native Node.js `fetch()` mechanism dynamically executing 3xx HTTP redirects back to internal networks before performing post-flight validations.
# Vulnerable Code
File: packages/provider-utils/src/download-blob.ts
Method: downloadBlob
Why: An inherent Time-of-Check to Time-of-Use logic error. `fetch()` conducts automatic transparent redirect following, so by the time `if (response.redirected) validateDownloadUrl(response.url)` invokes, the `GET` request has already effectively landed on the private/internal target.
# Reproduction
1. Start an attacker-controlled HTTP server configured to return HTTP 302 redirects with a `Location` header to `http://127.0.0.1:9091/admin/delete`.
2. Formulate and submit an image fetch request payload pointing toward the external attacker IP.
3. The SDK logic successfully skips initial constraints, triggering the `fetch()`. The attacker server answers 302, bouncing the Node logic cleanly into executing the internal request path successfully.
# Impact
- Internal State Alteration: Capable of triggering arbitrary state-changing HTTP GET paths on loopback administrative APIs without authorization.
- Disclosure risks toward unpatched AWS Metadata endpoint architectures. |
|---|
| 来源 | ⚠️ https://gist.github.com/YLChen-007/cf7e47e4dda392f474ca77a66d1d847f |
|---|
| 用户 | Eric-f (UID 96873) |
|---|
| 提交 | 2026-04-23 14時47分 (1 月前) |
|---|
| 管理 | 2026-05-17 11時28分 (24 days later) |
|---|
| 状态 | 重复 |
|---|
| VulDB条目 | 364393 [vercel ai 直到 3.0.97 provider-utils download-blob.ts validateDownloadUrl 权限提升] |
|---|
| 积分 | 0 |
|---|