Vibrantlabsai RAGAS Server-Side Request Forgery Vulnerability in Collections Module

Vulnerability

A server-side request forgery (SSRF) vulnerability, accompanied by an arbitrary local file read, has been identified in vibrantlabsai RAGAS versions through 0.4.3, specifically within the Collections Module. The issue arises in the functions '_try_process_local_file()' and '_try_process_url()' in 'src/ragas/metrics/collections/multi_modal_faithfulness/util.py': entries of the 'retrieved_contexts' argument that look like a local file path or a URL are read from disk or fetched over the network instead of being treated as plain text. Because 'retrieved_contexts' is caller-controlled, a remote attacker can make the server read local files or send requests to internal servers and cloud metadata endpoints, potentially gaining access to sensitive information.
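The pattern described above, as an added example that is not RAGAS's own code: an 'unsafe_resolve_context()' that mirrors the "existing file or http(s) URL in a context string gets loaded" behaviour, beside a hardened loader that only reads image files under an allowed root and only fetches URLs whose host resolves to a public address. The function names, the allowed-root layout, and the DNS table are assumptions constructed for this example; the metadata hostnames listed are real but not exhaustive.

```python
"""Added example (not RAGAS code): unsafe context loading beside a hardened form."""
import base64
import ipaddress
import os
import socket
import tempfile
from pathlib import Path
from urllib.parse import urlparse

IMAGE_SUFFIXES = {".png", ".jpg", ".jpeg", ".gif", ".webp"}
# Well-known cloud metadata hostnames, blocked before DNS is even consulted.
METADATA_HOSTS = {"metadata.google.internal", "metadata", "instance-data"}


def unsafe_resolve_context(ctx: str) -> str:
    """The vulnerable pattern, shown for contrast only: any context string that
    names an existing file or an http(s) URL is treated as an image source."""
    if os.path.isfile(ctx):
        with open(ctx, "rb") as fh:  # arbitrary local file read
            return "data:;base64," + base64.b64encode(fh.read()).decode()
    if ctx.startswith(("http://", "https://")):
        return ctx  # the caller fetches it with no restrictions (SSRF)
    return ctx


def is_public_address(ip: str) -> bool:
    """True only for globally routable unicast addresses."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # ::ffff:169.254.169.254 is still the metadata IP
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def check_url(url: str, resolve=socket.gethostbyname) -> str:
    """Validate an http(s) URL and return the IP it resolves to, else raise ValueError."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        raise ValueError("URL has no host")
    if host in METADATA_HOSTS:
        raise ValueError(f"metadata host blocked: {host}")
    try:
        ip = str(ipaddress.ip_address(host))  # literal address
    except ValueError:
        ip = resolve(host)  # hostname: resolved once here (IPv4 only with gethostbyname)
    if not is_public_address(ip):
        raise ValueError(f"{host} resolves to non-public address {ip}")
    return ip


def check_local_path(candidate: str, allowed_root: Path) -> Path:
    """Accept only regular image files under allowed_root after symlink resolution."""
    root = allowed_root.resolve()
    path = (Path(candidate) if os.path.isabs(candidate) else root / candidate).resolve()
    try:
        path.relative_to(root)
    except ValueError:
        raise ValueError(f"path escapes allowed root: {candidate}") from None
    if path.suffix.lower() not in IMAGE_SUFFIXES or not path.is_file():
        raise ValueError(f"not an allowed image file: {candidate}")
    return path


def safe_resolve_context(ctx: str, allowed_root: Path, resolve=socket.gethostbyname):
    """Hardened loader: returns ("url", url), ("file", data_url) or ("text", ctx).
    Anything that looks like a URL or an image path must pass validation or raise."""
    if "://" in ctx and urlparse(ctx).scheme:
        check_url(ctx, resolve)
        return ("url", ctx)
    if Path(ctx).suffix.lower() in IMAGE_SUFFIXES:
        path = check_local_path(ctx, allowed_root)
        return ("file", "data:;base64," + base64.b64encode(path.read_bytes()).decode())
    return ("text", ctx)


def classify_all(contexts, allowed_root: Path, resolve=socket.gethostbyname) -> dict:
    """Run the hardened loader over a batch and summarise each outcome."""
    out = {}
    for ctx in contexts:
        try:
            out[ctx] = safe_resolve_context(ctx, allowed_root, resolve)[0]
        except ValueError as exc:
            out[ctx] = "rejected: " + str(exc)
    return out


def make_sample_layout():
    """Constructed fixture: an allowed image root holding cat.png, and an
    unrelated directory holding secret.png that must never be readable."""
    root = Path(tempfile.mkdtemp(prefix="ctx-root-"))
    (root / "cat.png").write_bytes(b"\x89PNG\r\n\x1a\n")
    outside = Path(tempfile.mkdtemp(prefix="elsewhere-"))
    (outside / "secret.png").write_bytes(b"TOP SECRET")
    return root, outside / "secret.png"


# Constructed DNS table so the example runs offline.
FAKE_DNS = {"example.com": "93.184.216.34", "intranet.corp": "10.0.0.5",
            "rebind.attacker.test": "169.254.169.254"}


def fake_resolve(host: str) -> str:
    return FAKE_DNS[host]


if __name__ == "__main__":
    root, secret = make_sample_layout()
    print("unsafe leaks:", unsafe_resolve_context(str(secret))[:40])
    for ctx, outcome in classify_all(
            ["cat.png", str(secret), "../secret.png", "file:///etc/passwd",
             "http://169.254.169.254/latest/meta-data/", "http://[::ffff:169.254.169.254]/",
             "http://metadata.google.internal/computeMetadata/v1/", "http://intranet.corp/admin",
             "http://rebind.attacker.test/", "https://example.com/img.png",
             "The cat sat on the mat"], root, fake_resolve).items():
        print(f"{ctx} -> {outcome}")
```

Two caveats a practitioner would add before shipping this: resolving the host in 'check_url()' and then fetching later is a time-of-check/time-of-use gap that DNS rebinding can exploit, so the real fix connects to the validated IP (or re-validates inside the HTTP client), and redirects must be disabled or validated per hop, since an allowed public host can 302 to 169.254.169.254.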

Impact

Exploitation of this vulnerability allows server-side request forgery: the server is tricked into making HTTP requests to internal services or arbitrary external URLs, bypassing network restrictions that would block the attacker from reaching those targets directly. This can be used to access private data or services, or to query cloud metadata endpoints, which can return sensitive information such as instance credentials. The same code path also allows files on the server's filesystem to be read and returned to the attacker.

Reproduction

To reproduce this vulnerability, send a POST request to the '/evaluate' endpoint with a JSON payload whose 'retrieved_contexts' array contains the attacker's chosen string. For the local file inclusion (LFI) case, include a path to a file on the server, such as '/etc/shadow_image.png'; the server reads the file, base64-encodes its content, and includes it both in the response and in the request sent to the LLM API. For the SSRF case, include an internal URL, such as one pointing to a cloud metadata service, which could be used to steal cloud credentials.

Added: Apr 20, 2026, 12:18 AM
Updated: Apr 20, 2026, 12:18 AM

Vulnerability Rating

Custom Algorithm
  spread:          0.0
  impact:          0.6
  exploitability:  8.7
  remediation:     0.0
  relevance:       6.3
  threat:          6.4
  urgency:         2.9
  incentive:       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.