Linshenkx Prompt-Optimizer Server-Side Request Forgery Vulnerability
Vulnerability
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the '/api/proxy/' component of Linshenkx Prompt-Optimizer, affecting versions 1.3.0 through 1.4.2. This vulnerability allows attackers to scan internal resources by sending crafted requests that exploit the exposed 'targetUrl' parameter. The issue arises because the parameter can be manipulated to include arbitrary headers and values, which the server then processes and sends out, potentially leading to unauthorized access or information disclosure.
Impact
Exploitation of this vulnerability allows for Server-Side Request Forgery, where an attacker can make the server send requests on its behalf. This could be used to access internal services or resources that are not normally exposed to the outside world.
Reproduction
To reproduce this vulnerability, send a request to the '/api/proxy/' endpoint with a crafted 'targetUrl' parameter. Include malicious headers such as 'User-Agent' and any other custom headers that may be relevant to the target service. The server will process this request and forward it to the specified internal resource, effectively allowing the attacker to scan or access it.
Remediation
The vulnerable proxy feature has been removed in version 2.2.1. Users are advised to update to this version.
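For readers who run a similar proxy endpoint and cannot simply remove it, the following is an added example (not Prompt-Optimizer's own code) of the gate such an endpoint needs in front of a 'targetUrl' parameter: it rejects non-HTTP schemes, embedded credentials and loopback/private/link-local addresses, and forwards only allowlisted headers. The function names validateProxyRequest and isInternalHost are illustrative, and the block relies only on Node's built-in WHATWG URL parser.

```javascript
// Added example, not Prompt-Optimizer's own code: a defensive gate that a proxy
// endpoint like '/api/proxy/' could apply to a 'targetUrl' parameter and to
// caller-supplied headers before forwarding anything. Names are illustrative.
// Caveat: string checks alone miss hostnames that resolve to internal addresses;
// resolve the name and re-check the resolved IP right before connecting.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
// Only headers a proxy legitimately needs to forward; everything else is dropped.
const FORWARDABLE_HEADERS = new Set(['content-type', 'accept']);

// True for loopback, private (RFC 1918), link-local and unspecified IPv4 literals.
function isInternalIPv4(host) {
  const m = host.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Takes the hostname as produced by the WHATWG URL parser (IPv6 keeps brackets).
function isInternalHost(hostname) {
  const h = hostname.toLowerCase().replace(/^\[|\]$/g, '');
  if (h === 'localhost' || h.endsWith('.localhost')) return true;
  if (!h.includes(':')) return isInternalIPv4(h);
  if (h.startsWith('::ffff:')) {              // IPv4-mapped IPv6, e.g. ::ffff:7f00:1
    const rest = h.slice(7);
    if (rest.includes('.')) return isInternalIPv4(rest);
    const [hi, lo] = rest.split(':').map((g) => parseInt(g, 16));
    return isInternalIPv4(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
  }
  return h === '::1' || h === '::' || /^f[cd]/.test(h) || h.startsWith('fe80:');
}

// Returns { ok: true, url, headers } or { ok: false, reason }.
function validateProxyRequest(targetUrl, requestHeaders) {
  let url;
  try { url = new URL(String(targetUrl)); } catch { return { ok: false, reason: 'malformed url' }; }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return { ok: false, reason: 'scheme not allowed' };
  if (url.username || url.password) return { ok: false, reason: 'credentials in url' };
  if (isInternalHost(url.hostname)) return { ok: false, reason: 'internal address' };
  const headers = {};
  for (const [name, value] of Object.entries(requestHeaders || {})) {
    const key = name.toLowerCase();
    // Allowlisted header names only, and no CR/LF that could split the request.
    if (FORWARDABLE_HEADERS.has(key) && !/[\r\n]/.test(String(value))) headers[key] = String(value);
  }
  return { ok: true, url: url.href, headers };
}
```

Because the URL parser canonicalizes hosts, decimal and hex IPv4 spellings are checked in their normalized dotted form rather than as raw strings.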