12 matches found
CVE-2026-7223
A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...
Server-side Request Forgery (SSRF)
Overview @dadigua/hyperchat is a HyperChat Core - Node.js backend and CLI tool with AI chat, MCP support Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch function in the AI Proxy Middleware component when processing the baseurl argument. An attack...
BigSweetPotatoStudio HyperChat has a Server-Side Request Forgery issue
A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...
GHSA-R2JQ-4H3X-RFJ6 BigSweetPotatoStudio HyperChat has a Server-Side Request Forgery issue
A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...
CVE-2026-7223
A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...
EUVD-2026-25980
A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...
CVE-2026-7223 BigSweetPotatoStudio HyperChat AI Proxy Middleware aiProxyMiddleware.mts fetch server-side request forgery
A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...
CVE-2026-7223 BigSweetPotatoStudio HyperChat AI Proxy Middleware aiProxyMiddleware.mts fetch server-side request forgery
A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...
CVE-2026-7223
A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...
CVE-2026-7223
CVE-2026-7223 affects BigSweetPotatoStudio HyperChat (up to 2.0.0-alpha.63) in the AI Proxy Middleware, specifically the fetch function in packages/core/src/http/aiProxyMiddleware.mts. The issue results from manipulation of the baseurl argument, enabling server-side request forgery. The attack is...
HyperChat 代码问题漏洞
HyperChat is an open-source local AI agent platform developed by dadigua. It supports configuration-driven and project-level AI expertise. Versions of HyperChat 2.0.0-alpha.63 and earlier have code vulnerabilities. These vulnerabilities stem from the baseurl parameter in the fetch function of the...
PT-2026-35655
A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...