open-webui/backend
Classic298 2d9939ed49 chore: add validate_url() to get_image_data() for cohort consistency hardening (#24518)
* chore: add validate_url() to get_image_data() for cohort consistency hardening

`get_image_data()` in `backend/open_webui/routers/images.py` fetches the
URL returned by the configured image generation API directly via
`session.get(data)` without first calling `validate_url()`. The sibling
`load_url_image()` in the same file (called from /images/edit) calls
`validate_url(data)` first — that gate was added under
GHSA-jgx9-jr5x-mvpv. The two functions handle structurally identical
input (an attacker-or-server-supplied URL string) and should enforce the
same SSRF gate as a matter of code hygiene.

In the current call graph, the URL passed to `get_image_data()` comes
from the admin-configured image generation API's response, so an
exploitable SSRF chain additionally requires admin-side trust delegation
(misconfigured/untrusted upstream image API, or a custom
OpenAI-compatible server that reflects user input into response URLs).
That makes the missing call a defense-in-depth gap rather than a
vulnerability per SECURITY.md Rule 9 — a position the GHSA-h7cc-wwjp-5xqh
advisory is being closed under. This change is hardening: it brings the
two image-fetch helpers into alignment so any future caller that begins
passing user-influenced URLs into `get_image_data()` is gated by the
same private-IP / loopback / metadata-IP filter the rest of the
codebase enforces.

Surface raised by brodmart in GHSA-h7cc-wwjp-5xqh.

Co-authored-by: brodmart <brodmart@users.noreply.github.com>

* chore: trim comment

---------

Co-authored-by: brodmart <brodmart@users.noreply.github.com>
2026-05-11 00:59:32 +09:00
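
The same-gate-for-both-helpers point from the commit message above, as an added example that is not code from the commit or from Open WebUI. `check_fetch_url`, `fetch_generated_image`, `fetch_edit_image` and the sample DNS table are hypothetical stand-ins; the project's real `validate_url()` may check differently.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

class BlockedURL(ValueError):
    """The URL must not be fetched from the server side."""

def system_resolve(host):
    # Every address the name maps to (A and AAAA records).
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def check_fetch_url(url, resolve=system_resolve):
    """Hypothetical SSRF gate; a stand-in, not the project's validate_url()."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise BlockedURL(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise BlockedURL("URL has no host")
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP in the URL
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    if not addrs:
        raise BlockedURL(f"{host} did not resolve")
    for ip in addrs:
        # Unwrap ::ffff:a.b.c.d so the IPv4 rules apply to it.
        ip = getattr(ip, "ipv4_mapped", None) or ip
        if (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified):
            raise BlockedURL(f"{host} resolves to non-public address {ip}")
    return url

# Both helpers take the same kind of input, so both go through the same gate.
def fetch_generated_image(url, fetch, resolve=system_resolve):
    return fetch(check_fetch_url(url, resolve))

def fetch_edit_image(url, fetch, resolve=system_resolve):
    return fetch(check_fetch_url(url, resolve))

# Constructed DNS answers so the example runs offline.
SAMPLE_DNS = {"images.example.com": ["93.184.216.34"],
              "internal.example.com": ["10.0.0.5"]}

def sample_resolve(host):
    return SAMPLE_DNS.get(host, [])
```

A check like this resolves the name separately from the HTTP client, so a production gate also has to cover redirects and the client's own re-resolution of the host.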