8 matches found
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to insufficient validation of user-supplied media URLs in the BedrockProxyChatModel function. An attacker can cause the server to send HTTP requests to unintended internal or external destinations by...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to insufficient validation of user-supplied media URLs in the BedrockProxyChatModel function. An attacker can cause the server to send HTTP requests to unintended internal or external destinations by...
Spring AI: Insufficient Validation causes SSRF when processing multimodal messages with user-supplied URLs
Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery SSRF vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...
GHSA-MHRG-94VW-45C5 Spring AI: Insufficient Validation causes SSRF when processing multimodal messages with user-supplied URLs
Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery SSRF vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...
CVE-2026-22742
The provided sources confirm a concrete SSRF vulnerability in Spring AI’s spring-ai-bedrock-converse BedrockProxyChatModel, triggered when processing multimodal messages with user-supplied media URLs. The root cause is insufficient validation of those URLs, allowing the server to issue HTTP reque...
CVE-2026-22742 Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching
Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery SSRF vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...
CVE-2026-22742 Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching
Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery SSRF vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...
CVE-2026-22742
Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery SSRF vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...