SSRF
94 entries
Every SSRF entry VulnWatch has indexed, sorted by publication date.
Hugging Face Smolagents has a Server-Side Request Forgery issue
A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-s...
LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
Server-Side Request Forgery (SSRF) in ChatOpenAI Image Token Counting. Summary: The `ChatOpenAI.get_num_tokens_from_messages()` method fetches arbitrary `image_url` values without validation whe...
vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector
Summary: A Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within the vLLM project's multimodal feature set. The `load_from_url` and `load_from_url_async` methods...
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class
Summary: A Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within the vLLM project's multimodal feature set. The `load_from_url` and `load_from_url_async` met...
BentoML SSRF Vulnerability in File Upload Processing
Description: There's an SSRF in the file upload processing system that allows remote attackers to make arbitrary HTTP requests from the server without authentication. The vulnerability exists in t...
LangChain Community SSRF vulnerability exists in RequestsToolkit component
A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.Requests...
PYSEC-2025-70
A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.Requests...
MLflow SSRF via gateway_proxy_handler
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.
LiteLLM Server-Side Request Forgery (SSRF) vulnerability
A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/co...
Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component in langchain-community (langchain-community.retrievers.web_research.WebResearchRetriever). The vulnera...
gradio Server-Side Request Forgery vulnerability
An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Attackers can exploit this vulnerability by manipulating the `self.rep...
PYSEC-2024-278
A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/...
langchain Server-Side Request Forgery vulnerability
With the following crawler configuration: ```python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader( url=url, max_depth=2, extractor=lambda x: Soup(...
Gradio makes the `/file` secure against file traversal and server-side request forgery attacks
Older versions of `gradio` contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a...
MLflow Server-Side Request Forgery (SSRF)
A malicious user could use this issue to access internal HTTP(s) servers and, in the worst case (i.e., an AWS instance), it could be abused to achieve remote code execution on the victim machine.
Langchain Server-Side Request Forgery vulnerability
In Langchain before 0.0.329, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstre...
LangChain Server Side Request Forgery vulnerability
LangChain before 0.0.317 allows SSRF via `document_loaders/recursive_url_loader.py` because crawling can proceed from an external server to an internal server.
PYSEC-2023-205
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.
TorchServe Server-Side Request Forgery vulnerability
Impact: Remote Server-Side Request Forgery (SSRF). Issue: TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests an...