drupal/ai_provider_openai is vulnerable to Server-side Request Forgery (SSRF)
50
Medium Risk
The Drupal OpenAI provider module is vulnerable to server-side request forgery (SSRF) due to insufficient sanitization of user-supplied URLs. This issue only affects sites where an attacker can modify the configured host URL and trigger AI-generated image requests.
You are affected if you are using a version that falls within the vulnerable range.
drupal/ai_provider_openai is vulnerable to Server-side Request Forgery (SSRF) in versions 0.0.1 - 1.1.0 and 1.2.0 - 1.2.1.
Upgrade the drupal/ai_provider_openai library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant