SillyTavern Server-Side Request Forgery Vulnerability in Search Endpoint

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in SillyTavern versions prior to 1.17.0. The issue arises in the search endpoint, where the hostname check only recognises literal dotted-quad IPv4 addresses, so a host written in any other form is never inspected. This oversight allows the validation to be bypassed with localhost, IPv6 loopback addresses, and certain DNS names that resolve to internal addresses. Although a separate port check restricts exploitation to default ports, the vulnerability still poses a moderate risk by enabling authenticated users to reach internal services on those ports.
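The check described above, as an added example written for this page (it is not SillyTavern's own code and does not reproduce its implementation): a weak host check of the kind the advisory describes, which range-tests only a literal dotted-quad IPv4 address and lets every other host form through, next to a hardened check that resolves the hostname and requires every resolved address to be public. The function names, the in-memory lookup table standing in for DNS, and the sample URLs are constructed for the example so that it runs offline.

```javascript
// Added example, not SillyTavern's code. Weak vs. hardened SSRF host validation.
// Only the WHATWG URL global is used, so this runs in any recent Node.js.

// True only for a dotted-quad IPv4 address outside the non-public ranges.
function isPublicIpv4(ip) {
  const o = ip.split('.').map(Number);
  if (o.length !== 4 || o.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) return false;
  const [a, b] = o;
  if (a === 0 || a === 10 || a === 127) return false;   // 0/8, private 10/8, loopback 127/8
  if (a === 169 && b === 254) return false;             // link-local 169.254/16
  if (a === 172 && b >= 16 && b <= 31) return false;    // private 172.16/12
  if (a === 192 && b === 168) return false;             // private 192.168/16
  if (a === 100 && b >= 64 && b <= 127) return false;   // shared address space 100.64/10
  if (a >= 224) return false;                           // multicast and reserved
  return true;
}

// Expands an IPv6 literal into eight 16-bit groups, or returns null if it is not one.
function expandIpv6(ip) {
  let s = ip.toLowerCase();
  const v4 = s.match(/(\d{1,3}\.){3}\d{1,3}$/);          // embedded IPv4, e.g. ::ffff:127.0.0.1
  if (v4) {
    const o = v4[0].split('.').map(Number);
    if (o.some((n) => n > 255)) return null;
    s = s.slice(0, -v4[0].length) + ((o[0] << 8) | o[1]).toString(16) + ':' + ((o[2] << 8) | o[3]).toString(16);
  }
  const halves = s.split('::');
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(':') : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(':') : [];
  const fill = halves.length === 2 ? 8 - head.length - tail.length : 0;
  const groups = [...head, ...Array(Math.max(fill, 0)).fill('0'), ...tail];
  if (groups.length !== 8 || !groups.every((g) => /^[0-9a-f]{1,4}$/.test(g))) return null;
  return groups.map((g) => parseInt(g, 16));
}

// True only for an IPv6 address that is not loopback, unspecified, unique-local,
// link-local, multicast, or an IPv4-mapped form of a non-public IPv4 address.
function isPublicIpv6(ip) {
  const g = expandIpv6(ip);
  if (!g) return false;
  if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) {      // ::ffff:a.b.c.d
    return isPublicIpv4([g[6] >> 8, g[6] & 0xff, g[7] >> 8, g[7] & 0xff].join('.'));
  }
  if (g.slice(0, 7).every((x) => x === 0) && g[7] <= 1) return false; // :: and ::1
  if ((g[0] & 0xfe00) === 0xfc00) return false;                       // fc00::/7
  if ((g[0] & 0xffc0) === 0xfe80) return false;                       // fe80::/10
  if ((g[0] & 0xff00) === 0xff00) return false;                       // ff00::/8
  return true;
}

const isDottedQuad = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h);
const isIpLiteral = (h) => isDottedQuad(h) || expandIpv6(h) !== null;
const isPublicAddress = (ip) => (isDottedQuad(ip) ? isPublicIpv4(ip) : isPublicIpv6(ip));

// Weak check of the kind the advisory describes: the range test only runs for a
// literal dotted quad, so "localhost", "[::1]" and DNS names pass untouched.
function weakHostCheck(urlString) {
  const host = new URL(urlString).hostname;
  return isDottedQuad(host) ? isPublicIpv4(host) : true;
}

// Constructed lookup table standing in for DNS so the example runs offline.
// Real code would use dns.promises.lookup(host, { all: true }) and be async.
const CONSTRUCTED_DNS = {
  'localhost': ['127.0.0.1', '::1'],
  'intranet.example': ['10.0.0.5'],
  'www.example': ['203.0.113.10', '2001:db8::10'], // documentation ranges, treated as public here
  'mixed.example': ['203.0.113.11', '10.0.0.6'],   // one public and one private record
};
const tableResolver = (host) => CONSTRUCTED_DNS[host] || [];

// Hardened check: http(s) only, and every address the host resolves to must be public.
function hardenedHostCheck(urlString, resolve = tableResolver) {
  let url;
  try { url = new URL(urlString); } catch { return false; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;
  const host = url.hostname.replace(/^\[|\]$/g, '');   // WHATWG URL keeps brackets on IPv6 literals
  const addresses = isIpLiteral(host) ? [host] : resolve(host);
  return addresses.length > 0 && addresses.every(isPublicAddress);
}

for (const u of ['http://localhost/', 'http://[::1]/', 'http://intranet.example/', 'http://www.example/']) {
  console.log(u, 'weak:', weakHostCheck(u), 'hardened:', hardenedHostCheck(u));
}
```

Resolving at validation time and then letting the HTTP client resolve again leaves a window in which the answer can change, so the address that passed the check should be the one actually connected to (in Node, by passing a `lookup` option to `http.request`/`https.request` that returns the validated address), and a redirect target is a new URL that must go through the same check before it is followed.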

Impact

Exploitation of this vulnerability allows authenticated users to manipulate the server into making requests to internal resources on default ports, potentially leading to unauthorized access or disclosure of sensitive information.

Reproduction

To reproduce this vulnerability, install SillyTavern version 1.16.0 and send a POST request to the '/api/search/visit' endpoint. Include a URL that bypasses the IP validation, such as 'http://localhost/' or 'http://[::1]/'. The server will attempt to fetch the URL, and a response status of 500 indicates a successful bypass.

Remediation

Users can upgrade to SillyTavern version 1.17.0 or later, where this vulnerability has been patched.

Added: May 3, 2026, 11:17 AM
Updated: May 3, 2026, 11:17 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.0
remediation: 0.0
relevance: 5.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.