Описание
new-api is vulnerable to SSRF Bypass
Summary
A recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applies security restrictions to the first URL request, a 302 redirect can bypass existing security measures and successfully access the intranet.
Details
Use the following script to deploy on the attacker's server. Since ports 80, 443, and 8080 are default ports within the security range set by the administrator and will not be blocked, the service is deployed on port 8080.
Then, a request is made to the malicious service opened by the attacker, and it can be found that the resources on the intranet are successfully accessed.
At the same time, the locally opened service 127.0.0.1:8083/uid.txt also received related requests.
Impact
Using 302 redirects to bypass previous SSRF security fixes
Пакеты
github.com/QuantumNous/new-api
< 0.9.6
0.9.6
Связанные уязвимости
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF to occur. Because the existing fix only applies security restrictions to the first URL request, a 302 redirect can bypass existing security measures and successfully access the intranet. This issue has been patched in version 0.9.6.