LocalAI

mirror/LocalAI

Fork 0

mirror of https://github.com/mudler/LocalAI.git synced 2026-02-11 15:14:40 -05:00

Commit Graph

Author	SHA1	Message	Date
Kolega.dev	780877d1d0	security: validate URLs to prevent SSRF in content fetching endpoints (#8476 ) User-supplied URLs passed to GetContentURIAsBase64() and downloadFile() were fetched without validation, allowing SSRF attacks against internal services. Added URL validation that blocks private IPs, loopback, link-local, and cloud metadata endpoints before fetching. Co-authored-by: kolega.dev <faizan@kolega.ai>	2026-02-10 15:14:14 +01:00

Author

SHA1

Message

Date

Kolega.dev

780877d1d0

security: validate URLs to prevent SSRF in content fetching endpoints (#8476 )

User-supplied URLs passed to GetContentURIAsBase64() and downloadFile()
were fetched without validation, allowing SSRF attacks against internal
services. Added URL validation that blocks private IPs, loopback,
link-local, and cloud metadata endpoints before fetching.

Co-authored-by: kolega.dev <faizan@kolega.ai>

2026-02-10 15:14:14 +01:00

1 Commits