Vercel AI SDK Input Validation Whitelist Bypass Vulnerability
Vulnerability
A vulnerability in Vercel's AI SDK prior to version 5.0.52 and in the 6.0.0-beta series allows users to bypass filetype whitelists during file uploads. This issue arises from improper URL-to-data mapping in the prompt conversion process, enabling the injection of arbitrary content into supported URL slots while circumventing validation mechanisms. The vulnerability affects most functions that handle images or files, except where specific validation has been applied outside the SDK.
Impact
Exploitation of this vulnerability could lead to the injection of unauthorized content into applications using the affected SDK, potentially causing unexpected behavior or security issues.
Reproduction
The vulnerability can be reproduced by passing a prompt containing a mix of supported and unsupported file URLs through the AI SDK's prompt conversion functions, such as 'generateText()' or 'streamText()'. The SDK incorrectly maps the data downloaded from the unsupported URLs into the slots of the supported ones, so the content reaches the model even though the intended filetype validation rejected its URL.
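The following is an added illustration, not code from the Vercel AI SDK or from the advisory: it models the defect class described above (an allowlist filter and a download list joined by array position, so that data from a rejected URL lands in an accepted slot) next to a mapping keyed by URL that also re-checks the served media type. The function names, URLs, media types and the fakeFetch() stand-in are all constructed for the example.

```javascript
// Added illustration, not Vercel AI SDK code: a minimal model of the defect
// class the advisory describes (downloaded data mapped back onto the wrong
// prompt slots) beside a keyed, post-download-checked mapping that avoids it.
// All names, URLs and media types below are constructed samples.

// Media types the hypothetical application accepts for file parts.
const ALLOWED_MEDIA_TYPES = new Set(['image/png', 'image/jpeg', 'application/pdf']);

// Offline stand-in for fetch(): what each constructed URL would serve.
const CONSTRUCTED_DOWNLOADS = {
  'https://files.example.test/photo.png':  { mediaType: 'image/png',       data: 'PNG-BYTES' },
  'https://files.example.test/page.html':  { mediaType: 'text/html',       data: '<html>...</html>' },
  'https://files.example.test/report.pdf': { mediaType: 'application/pdf', data: 'PDF-BYTES' },
};

function fakeFetch(url) {
  const hit = CONSTRUCTED_DOWNLOADS[url];
  if (!hit) throw new Error(`no constructed response for ${url}`);
  return { ...hit };
}

// Constructed prompt: file parts with the media type the caller *declared*.
const SAMPLE_PARTS = [
  { url: 'https://files.example.test/photo.png',  mediaType: 'image/png' },
  { url: 'https://files.example.test/page.html',  mediaType: 'text/html' },
  { url: 'https://files.example.test/report.pdf', mediaType: 'application/pdf' },
];

// Defective pattern: the allowlist filter and the download list are built
// separately and then joined by array index. Once one part is filtered out,
// every later accepted slot receives the data of a *different* URL.
function attachAssetsIndexJoined(parts, fetchFn = fakeFetch) {
  const allowed = parts.filter(p => ALLOWED_MEDIA_TYPES.has(p.mediaType));
  const downloads = parts.map(p => fetchFn(p.url));   // downloads every URL, rejected ones included
  return allowed.map((p, i) => ({                     // i indexes the unfiltered array
    url: p.url,
    mediaType: downloads[i].mediaType,
    data: downloads[i].data,
  }));
}

// Corrected pattern: download only the accepted parts, join by URL rather than
// by position, and re-check the media type the server actually returned.
function attachAssetsKeyedByUrl(parts, fetchFn = fakeFetch) {
  const allowed = parts.filter(p => ALLOWED_MEDIA_TYPES.has(p.mediaType));
  const downloadsByUrl = new Map(allowed.map(p => [p.url, fetchFn(p.url)]));
  return allowed.map(p => {
    const dl = downloadsByUrl.get(p.url);
    if (!ALLOWED_MEDIA_TYPES.has(dl.mediaType)) {
      throw new Error(`rejected ${p.url}: declared ${p.mediaType}, served ${dl.mediaType}`);
    }
    return { url: p.url, mediaType: dl.mediaType, data: dl.data };
  });
}

// Audit helper: which accepted slots now carry data of a media type other than
// the one declared for that slot? Non-empty output means the mapping is wrong.
function findMismatchedSlots(attached, declaredParts) {
  const declared = new Map(declaredParts.map(p => [p.url, p.mediaType]));
  return attached.filter(a => declared.get(a.url) !== a.mediaType).map(a => a.url);
}

console.log('index-joined mismatches:',
  findMismatchedSlots(attachAssetsIndexJoined(SAMPLE_PARTS), SAMPLE_PARTS));
console.log('keyed-by-url mismatches:',
  findMismatchedSlots(attachAssetsKeyedByUrl(SAMPLE_PARTS), SAMPLE_PARTS));
```

With the constructed sample, the index-joined version places the HTML response in the PDF slot, which is exactly the misrouting the advisory describes; the keyed version keeps each slot bound to its own URL and additionally rejects a part whose declared type was accepted but whose served type is not on the allowlist. Applications that cannot yet upgrade can apply the same served-type check outside the SDK, which is the situation the advisory's "except where specific validation has been applied outside the SDK" clause refers to.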
Remediation
Users are advised to upgrade to Vercel AI SDK versions 5.0.52, 5.1.0-beta.9, or 6.0.0-beta. Instructions for upgrading can be found in the Vercel AI SDK documentation.