BigSweetPotatoStudio HyperChat Server-Side Request Forgery Vulnerability in AI Proxy Middleware
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in BigSweetPotatoStudio HyperChat versions through 2.0.0-alpha.63. The issue resides in the AI Proxy Middleware component, specifically within the 'fetch' function of 'packages/core/src/http/aiProxyMiddleware.mts'. This vulnerability allows an attacker to manipulate the 'baseurl' request header, leading to unauthorized outbound HTTP requests from the server to attacker-controlled or internal destinations. Exploitation can be performed remotely, and a public exploit is available.
Impact
Exploitation of this vulnerability lets an attacker coerce the server into making arbitrary outbound HTTP requests. Because those requests originate from the server, they can reach internal services or resources that are not exposed to the attacker directly, potentially leading to further exploitation or data exposure.
Reproduction
To reproduce this vulnerability, send a request to the HyperChat HTTP service on the '/<password>/ai/v1/chat/completions' route. Include an attacker-controlled 'baseurl' header with a URL pointing to an external HTTP listener. The server will forward the request to the specified URL, demonstrating the SSRF vulnerability.
