Files
open-webui/backend/open_webui
Classic298 01198eaeef Close DNS-rebinding SSRF gap in get_content_from_url probe (#25775)
The web-ingest probe in get_content_from_url validated the URL at resolve
time (validate_url) but then fetched with a bare requests.get, which
re-resolves the hostname at connect time. An attacker-controlled name
server can answer with a public IP during validation and an internal IP
at connect, reaching cloud metadata / loopback / internal services (blind
always; binary content-types are read back to the caller). The
connection-layer guard (#24759) that closes this for the SafeWebBaseLoader
path was never mounted on this probe.

Route the probe through the same _SSRFSafeAdapter the loader uses, so the
resolution that feeds the TCP connect is re-validated against the
global-IP check.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 02:15:31 -05:00
..
2026-06-17 02:52:35 +02:00
2026-06-29 00:21:37 -05:00
2026-06-29 00:46:45 -05:00
2026-06-17 03:01:11 +02:00
2026-06-29 01:52:07 -05:00
2026-06-28 23:02:38 -05:00
2026-06-25 15:56:10 +01:00
2026-06-29 00:40:28 -05:00