CRITICAL: SSRF to Cloud Metadata Exfiltration & Internal Network Takeover (CVSS 9.1) #409
emmanuelkings949-pixel
started this conversation in
General
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Summary. I am reporting a Critical Server-Side Request Forgery (SSRF) vulnerability found in the ai-provider-proxy.ts file. This flaw allows an attacker to bypass security controls and reach internal infrastructure, including cloud metadata services.
Impact Assessment (CVSS 9.1)
Infrastructure Takeover: Potential theft of AWS/GCP service tokens (169.254.169.254).
Internal Scanning: Ability to scan and interact with internal-only services (K8s, Redis, etc.).
Proof of Concept & Fix I have already implemented a production-grade fix using a Strict Hostname Allowlist and Redirect Guards.
Full Evidence & PR: https://github.com/AIxBlock-2023/awesome-ai-dev-platform-opensource/pull/401
CodeQL Proof: I have attached the data-flow analysis to the PR above, showing the path from untrusted input to the fetch execution.
Note to Maintainers The "Issues" tab on this repository is currently disabled, so I am logging this report here to ensure the 48-hour acknowledgment window begins as per the bounty rules.
Tagging maintainers for visibility: @yinghai @zhaojun-victor
Beta Was this translation helpful? Give feedback.
All reactions