Spring AI Bedrock Converse Server-Side Request Forgery Vulnerability in BedrockProxyChatModel

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in Spring AI's spring-ai-bedrock-converse module, specifically in the BedrockProxyChatModel. The vulnerability arises when the model processes multimodal messages that contain user-supplied media URLs: because those URLs are not adequately validated before the server fetches them, an attacker can direct the server to make HTTP requests to unintended internal or external destinations. This vulnerability affects Spring AI versions 1.0.0 prior to 1.0.5 and 1.1.0 prior to 1.1.4.
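The description above says the media URLs reach the outbound fetch without adequate validation. As an added illustration of the kind of check a defender expects before any server-side fetch of a user-supplied URL, here is a small Python validator; it is example code, not Spring AI's code and not the project's actual fix. It restricts the scheme, rejects embedded credentials, optionally enforces a host allowlist, and verifies that every address the host resolves to is globally routable. The DNS answers in FAKE_DNS and the host names in them are constructed so the example runs offline; the function and reason-string names are this example's own.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _is_public(ip):
    """True only for globally routable unicast addresses.

    IPv4-mapped IPv6 literals (::ffff:a.b.c.d) are unwrapped first so that a
    loopback or private IPv4 address cannot hide behind an IPv6 form.
    """
    mapped = getattr(ip, "ipv4_mapped", None)  # present on IPv6Address only
    if mapped is not None:
        ip = mapped
    return ip.is_global and not ip.is_multicast


def _system_resolver(host):
    """Default resolver: every A/AAAA answer for the host (needs network access)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_media_url(url, resolver=_system_resolver, allowed_hosts=None):
    """Return (ok, reason).

    The URL is accepted only if the scheme is http(s), the authority carries no
    userinfo, the host is on the allowlist (when one is given) and every address
    the host resolves to is public. Checking all resolved addresses matters:
    a single private answer among several is enough to reject.
    """
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lower-cased, brackets stripped from IPv6 literals
    except ValueError:
        return False, "unparseable"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme"
    if not host:
        return False, "no-host"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo"
    if allowed_hosts is not None and host not in allowed_hosts:
        return False, "not-allowlisted"
    # A literal IP is checked directly; a hostname is checked via every resolved address.
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError):
            return False, "resolution-failed"
        if not addrs:
            return False, "resolution-failed"
    if not all(_is_public(a) for a in addrs):
        return False, "non-public-address"
    return True, "ok"


# Constructed DNS answers (hypothetical hosts) so the demo runs offline.
FAKE_DNS = {
    "cdn.example.com": ["93.184.216.34"],
    "internal.corp.example": ["10.0.0.5"],
    "localhost": ["127.0.0.1"],
}


def fake_resolver(host):
    """Resolver backed by FAKE_DNS; unknown hosts fail like a real lookup would."""
    if host not in FAKE_DNS:
        raise socket.gaierror("constructed: unknown host")
    return FAKE_DNS[host]


if __name__ == "__main__":
    for candidate in (
        "https://cdn.example.com/image.png",
        "http://internal.corp.example/report.pdf",
        "http://169.254.169.254/",
        "file:///etc/hosts",
        "http://[::ffff:127.0.0.1]/",
    ):
        print(candidate, "->", validate_media_url(candidate, resolver=fake_resolver))
```

Two design points a practitioner would want noted: the check resolves the name itself instead of trusting the string, because a public-looking hostname can resolve to an internal address; and validating before a separate fetch still leaves a gap between resolution and connection, so production code should pin the validated address for the actual request (or validate again at connect time) rather than letting the HTTP client resolve the name a second time.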

Impact

Exploitation of this vulnerability allows Server-Side Request Forgery: the server is tricked into making requests on behalf of the attacker, which could be used to reach internal services or resources that are not normally exposed to the outside world.

Remediation

Users of affected versions should upgrade to Spring AI version 1.0.5 or 1.1.4, depending on their current version.

Added: Mar 27, 2026, 6:24 AM
Updated: Mar 27, 2026, 6:24 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.8
remediation: 0.0
relevance: 4.8
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.