LocalAI/pkg/utils/base64.go at ff02e7ff5be44f08b248dc8b3fcd680d2f8a4a5a

mirror of https://github.com/mudler/LocalAI.git synced 2026-04-01 05:36:49 -04:00

Files

Kolega.dev 780877d1d0 security: validate URLs to prevent SSRF in content fetching endpoints (#8476 )

User-supplied URLs passed to GetContentURIAsBase64() and downloadFile()
were fetched without validation, allowing SSRF attacks against internal
services. Added URL validation that blocks private IPs, loopback,
link-local, and cloud metadata endpoints before fetching.

Co-authored-by: kolega.dev <faizan@kolega.ai>

2026-02-10 15:14:14 +01:00

1.4 KiB

Raw Blame History

View Raw

1.4 KiB Raw Blame History

1.4 KiB

Raw Blame History