Lucene search
+L

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.12 views

CVE-2026-8768

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...

7.5CVSS6.5AI score0.00385EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/18 1:32 a.m.9 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the order of operations in the validateDownloadUrl implementation in download-blob.ts and download.ts. The fetch operation called before applying validateDownloadUrl follows redirects by default...

7.5CVSS7.2AI score0.00385EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/18 12:31 a.m.14 views

EUVD-2026-30713

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...

7.5CVSS5.4AI score0.00385EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/05/17 10:45 p.m.61 views

CVE-2026-8768 vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...

7.5CVSS0.00385EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/05/17 10:45 p.m.9 views

CVE-2026-8768 vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...

7.5CVSS6.7AI score0.00385EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.14 views

Vercel AI SDK 代码问题漏洞

Vercel AI SDK is a JavaScript SDK developed by Vercel that supports the integration of large language models, streaming responses, and AI application development. Versions of Vercel AI 3.0.97 and earlier contain code vulnerabilities. These vulnerabilities stem from the validateDownloadUrl functio...

7.5CVSS7.2AI score0.00385EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.14 views

PT-2026-41587

Name of the Vulnerable Software and Affected Versions vercel ai versions prior to 3.0.98 Description A server-side request forgery SSRF issue exists in the provider-utils component. The flaw is located in the validateDownloadUrl function within the packages/provider-utils/src/download-blob.ts fil...

7.5CVSS7.2AI score0.00385EPSS
Exploits1References12
Rows per page
Query Builder