LocalAI/pkg/utils/urlfetch_test.go at master

mirror of https://github.com/mudler/LocalAI.git synced 2026-02-13 16:14:24 -05:00

Files

Kolega.dev 780877d1d0 security: validate URLs to prevent SSRF in content fetching endpoints (#8476 )

User-supplied URLs passed to GetContentURIAsBase64() and downloadFile()
were fetched without validation, allowing SSRF attacks against internal
services. Added URL validation that blocks private IPs, loopback,
link-local, and cloud metadata endpoints before fetching.

Co-authored-by: kolega.dev <faizan@kolega.ai>

2026-02-10 15:14:14 +01:00

3.0 KiB

Raw Permalink Blame History

View Raw

3.0 KiB Raw Permalink Blame History

3.0 KiB

Raw Permalink Blame History