VDB
KO
MEDIUM 6.3

GHSA-hchg-qm84-cj9p

Aider has an SSRF vulnerability through its AWS EC2 Metadata Endpoint

Details

A security vulnerability has been detected in Aider-AI Aider 0.86.3.dev. This affects the function requests.get of the file api_docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. It is suggested to install a patch to address this issue. The pull request to fix this issue awaits acceptance.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / aider-chat
Introduced in: 0

No fixed version published yet for aider-chat (pip). Pin to a known-safe version or switch to an alternative.

References