mirror of
https://github.com/danny-avila/LibreChat.git
synced 2025-12-31 07:38:52 +01:00
4fd09946d2
Addresses Server-Side Request Forgery vulnerability that allowed authenticated attackers to interact with arbitrary internal/external HTTP services via the Actions feature, including the internal RAG API, localhost services, and cloud metadata endpoints. ## Security Changes ### 1. SSRF Target Blocklist (when allowedDomains is empty) - Block localhost and loopback addresses (127.0.0.0/8, ::1) - Block private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) - Block link-local/cloud metadata IPs (169.254.0.0/16) - Block common internal Docker/Kubernetes service names (rag_api, redis, mongo, etc.) - Block .internal and .local TLDs Admins can still explicitly allow internal targets by adding them to `actions.allowedDomains` in librechat.yaml. ### 2. Protocol and Port Restrictions Enhanced `allowedDomains` to support protocol and port constraints: - `example.com` - any protocol, any port (existing behavior) - `https://example.com` - HTTPS only, any port - `https://api.example.com:8443` - HTTPS only, port 8443 only This allows admins to restrict actions to specific protocols/ports, preventing attackers from accessing unintended services on allowed domains. ### 3. Redirect-based SSRF Prevention Disabled automatic redirect following in action HTTP requests (`maxRedirects: 0`). This prevents attackers from bypassing domain restrictions by: 1. Pointing action to allowed external domain 2. External domain redirects to internal service (e.g., 127.0.0.1) 3. Server follows redirect and accesses internal service ## Files Changed - packages/api/src/auth/domain.ts: Added isSSRFTarget(), parseDomainSpec(), updated isActionDomainAllowed() with protocol/port matching - packages/api/src/auth/domain.spec.ts: Added tests for SSRF protection, protocol restrictions, and port restrictions - packages/data-provider/src/actions.ts: Added maxRedirects: 0 to axios config ## Configuration Example # librechat.yaml actions: allowedDomains: - "https://api.example.com" # HTTPS only - "https://api.example.com:8443" # HTTPS + specific port - "http://localhost:3000" # Admin override for local devRef: SBA-ADV-20251205-02 CVSSv3: 9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L |
||
|---|---|---|
| .. | ||
| acl | ||
| agents | ||
| app | ||
| auth | ||
| cache | ||
| cdn | ||
| cluster | ||
| crypto | ||
| db | ||
| endpoints | ||
| files | ||
| flow | ||
| mcp | ||
| memory | ||
| middleware | ||
| oauth | ||
| prompts | ||
| stream | ||
| tools | ||
| types | ||
| utils | ||
| web | ||
| index.ts | ||