7 matches found
CVE-2026-8768
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the order of operations in the validateDownloadUrl implementation in download-blob.ts and download.ts. The fetch operation called before applying validateDownloadUrl follows redirects by default...
EUVD-2026-30713
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...
CVE-2026-8768 vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...
CVE-2026-8768 vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...
Vercel AI SDK 代码问题漏洞
Vercel AI SDK is a JavaScript SDK developed by Vercel that supports the integration of large language models, streaming responses, and AI application development. Versions of Vercel AI 3.0.97 and earlier contain code vulnerabilities. These vulnerabilities stem from the validateDownloadUrl functio...
PT-2026-41587
Name of the Vulnerable Software and Affected Versions vercel ai versions prior to 3.0.98 Description A server-side request forgery SSRF issue exists in the provider-utils component. The flaw is located in the validateDownloadUrl function within the packages/provider-utils/src/download-blob.ts fil...