fix: prevent SSRF attack via custom base URL (GHSA-9qf7-mprq-9qgm)

Require API key when custom base URL is provided to prevent attackers
from redirecting server API keys to malicious endpoints.

CVSS: 9.3 (Critical)
Dayuan Jiang
2025-12-15 15:02:18 +09:00
parent f175276872
commit 44840d27b3
2 changed files with 11 additions and 1 deletions

@@ -1,6 +1,6 @@
{
"name": "next-ai-draw-io",
"version": "0.4.1",
"version": "0.4.2",
"license": "Apache-2.0",
"private": true,
"scripts": {
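Review bot: the "version" line moving from 0.4.1 to 0.4.2 is the only edit in this hunk, and the commit summary lists just two changed files, so a lockfile that records the same root version, if the repository tracks one, is not bumped alongside it. Update it in the same commit so the two stay in step, and name 0.4.2 as the patched release in the GHSA-9qf7-mprq-9qgm advisory so users can tell which release carries the fix.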