Spring AI’s spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests to unintended internal or external destinations.
This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.
Details
Spring AI’s spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests to unintended internal or external destinations.
This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.
Statement
Subscribe to updates
Product 1
Loading products...
No products found
Loading...
No matches
Unsubscribe
Enter your email and we'll send you a link to manage your subscription preferences.
Check your inbox
If this email is subscribed, we've sent a link to manage your preferences.
Contact us
Message Delivered!
Thanks for reaching out!
The TuxCare team has received your message and will get back to you shortly.