Lintsinghua DeepAudit Server-Side Request Forgery Vulnerability in IP Address Handler
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in Lintsinghua DeepAudit versions through 3.0.3. The issue is in the IP Address Handler component, in the file 'backend/app/api/v1/endpoints/embedding_config.py'. It can be exploited remotely: IPv6-mapped IPv4 addresses bypass the application's internal IP range validation, so that requests made by the server could reach internal services or resources.
Impact
Exploitation of this vulnerability allows for server-side request forgery, where an attacker can manipulate the server to make requests on their behalf. This could potentially be used to access internal services, perform actions as the server, or exfiltrate data.
Reproduction
The vulnerability can be reproduced by sending a request to the '/api/v1/embedding/test' endpoint with an IPv6-mapped IPv4 address that falls within the internal IP ranges, such as 'http://[::ffff:127.0.0.1]:8080' or 'http://[::ffff:192.168.1.1]:8080'. The server's response can be observed to confirm the bypass.
Remediation
Users are advised to upgrade to DeepAudit version 3.0.4 or 3.1.0, both of which address this vulnerability. The upgrade can be downloaded from the DeepAudit GitHub repository.
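For deployments that maintain their own URL validation, the following added example (not DeepAudit's code or its patch) contrasts a range check that misses the `::ffff:a.b.c.d` form shown under Reproduction with one that unwraps the embedded IPv4 address first. The function names, the range lists and the 203.0.113.10 sample address are assumptions constructed for the illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed range lists for the demo (assumption, not DeepAudit's own list).
INTERNAL_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]
INTERNAL_V6 = [ipaddress.ip_network(n) for n in (
    "::/128", "::1/128", "fc00::/7", "fe80::/10")]


def naive_is_internal(url: str) -> bool:
    """Weak form: the parsed literal is only compared with IPv4 ranges."""
    host = urlsplit(url).hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    # An IPv6Address is never "in" an IPv4Network, so ::ffff:127.0.0.1 passes.
    return any(ip in net for net in INTERNAL_V4)


def hardened_is_internal(url: str) -> bool:
    """Unwrap IPv4-mapped IPv6 literals before checking; fail closed on no host."""
    host = urlsplit(url).hostname
    if not host:
        return True  # no usable host: treat as blocked
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name, not a literal. Each address it resolves to must go
        # through the same check at connect time (not covered here).
        return False
    mapped = getattr(ip, "ipv4_mapped", None)  # None for plain IPv4/IPv6
    if mapped is not None:
        ip = mapped  # ::ffff:127.0.0.1 and ::ffff:7f00:1 both become 127.0.0.1
    return any(ip in net for net in INTERNAL_V4 + INTERNAL_V6)


if __name__ == "__main__":
    for u in ("http://127.0.0.1:8080", "http://[::ffff:127.0.0.1]:8080",
              "http://[::ffff:192.168.1.1]:8080", "http://[::ffff:203.0.113.10]:8080"):
        print(f"{u:40} naive={naive_is_internal(u)} hardened={hardened_is_internal(u)}")
```

The check covers IP literals only; a hostname still has to be resolved and every resulting address validated before the outbound request is made.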
