—
DRUPAL-CONTRIB-2026-053
상세
This module enables you to use OpenAI as a provider for the AI module.
The module doesn't sufficiently sanitize user-supplied URLs, leading to a Server-side request forgery (SSRF) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have the access to change the host url and a way to generate AI-generated images.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
Packagist:https://packages.drupal.org/8 / drupal/ai_provider_openai
최초 영향 버전:
0 수정 버전: 1.1.1 Upgrade drupal/ai_provider_openai to 1.1.1 or newer (ecosystem packagist:https://packages.drupal.org/8).