SimStudioAI Sim Server-Side Request Forgery Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in SimStudioAI Sim versions prior to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. The vulnerability arises in the file 'apps/sim/app/api/proxy/image/route.ts', where the GET function fails to properly validate request parameters. This oversight allows for unauthorized requests to internal services or local files, potentially leading to exposure of sensitive information or cloud metadata.

Impact

Exploitation of this vulnerability allows for unauthorized access to internal network services, local files, and cloud metadata, which could be used to compromise cloud infrastructure.

Reproduction

The vulnerability can be reproduced by sending a GET request to the '/api/proxy/image' endpoint with a 'url' parameter that includes a file URL, such as 'file:///etc/passwd'. This can be done using a tool like curl. The response will include the contents of the requested file, demonstrating the successful exploitation of the SSRF vulnerability.

Remediation

Users are advised to update to the latest version of SimStudioAI Sim, where this vulnerability has been patched.