8 matches found
CVE-2026-8769
A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...
EUVD-2026-30713
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...
0xble (>=14.0.0 <=23.2.2), 100xchat (>=1.1.5 <=1.3.5) +5661 more potentially affected by CVE-2026-8769 via @ai-sdk/provider-utils (>=0.0.0-b66d09a8-20260328011513 <=3.0.9)
@ai-sdk/provider-utils NPM version =0.0.0-b66d09a8-20260328011513, =14.0.0, =1.1.5, =0.1.0, =1.0.0, =0.0.2, =0.1.6, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =0.1.0, =0.1.0-alpha.1, =0.1.0, =0.0.5, =0.1.7 - @activepieces/ai-providers-shared =0.0.1 and more Source cves:...
@ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue
A vulnerability was determined in Vercel AI up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...
CVE-2026-8769
A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...
CVE-2026-8768 vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...
CVE-2026-8768 vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...
Vercel AI SDK 资源管理错误漏洞
Vercel AI SDK is a JavaScript SDK provided by Vercel that supports the integration of large language models, streaming responses, and AI application development. Vercel AI SDK versions 3.0.97 and earlier contain a resource management vulnerability. This vulnerability stems from the functions...