Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn morespring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests to unintended internal or external destinations.
Spring AI:
| Fix version | Availability |
|---|---|
| 1.1.4 | OSS |
| 1.0.5 | OSS |
No further mitigation steps are necessary.
The issue was reported responsibly by Hyunwoo Kim (@V4bel)
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy