prompts.chat 代码问题漏洞

prompts.chat is an open-source AI prompt library developed by Fatih Kadir Akın. Versions of prompts.chat prior to 30a8f04 contained code vulnerabilities; these vulnerabilities stemmed from a lack of URL validation during Fal.ai’s media status polling, which could lead to server-side request...

PT-2026-30228

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack of URL...