FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress() only blocks private IPs when CHECK_INTERNAL_IP=true, which is not the default. This allows unauthenticated attackers to perform SSRF against internal network resources. This vulnerability is fixed in 4.14.10.3.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NFastgpt
APPFastgpt< 4.14.10.3
Powiązane podatności
NoSQL Injection w FastGPT umożliwia pominięcie uwierzytelnienia
FastGPT: nieuwierzytelniony endpoint proxy HTTP umożliwia SSRF
FastGPT: RCE i eksfiltracja sekretów przez złośliwy Dockerfile w workflow CI/CD
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulne...
FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP (Model Context Protocol) to...