LocalAI/pkg/utils/urlfetch_test.go at 520e1ce3cd72bc7697da44d72643225df2737bef

mirror of https://github.com/mudler/LocalAI.git synced 2026-04-01 13:42:20 -04:00

Files

Kolega.dev 780877d1d0 security: validate URLs to prevent SSRF in content fetching endpoints (#8476 )

User-supplied URLs passed to GetContentURIAsBase64() and downloadFile()
were fetched without validation, allowing SSRF attacks against internal
services. Added URL validation that blocks private IPs, loopback,
link-local, and cloud metadata endpoints before fetching.

Co-authored-by: kolega.dev <faizan@kolega.ai>

2026-02-10 15:14:14 +01:00

3.0 KiB

Raw Blame History

View Raw

3.0 KiB Raw Blame History

3.0 KiB

Raw Blame History