Skip to content

SSRF Vulnerability in Frames API #1602

Open
Bug
Open
SSRF Vulnerability in Frames API#1602
Bug
Labels
bugSomething isn't working
@Jhonattan2121

Description

@Jhonattan2121
Jhonattan2121
opened on Dec 1, 2025

Context

The src/app/api/frames/route.ts fetches URLs provided by the user (or indirectly via Frame buttons) to parse OpenGraph metadata.

const response = await fetch(url, { ... });

Problem

  • SSRF (Server-Side Request Forgery): An attacker could provide a URL pointing to internal infrastructure (e.g., http://localhost:3000, http://169.254.169.254, or internal database ports).
  • Information Disclosure: The server might return error messages revealing internal network topology.

Proposed Solution

Implement an SSRF filter for the URL before fetching.

  1. Resolve the DNS of the target URL.
  2. Check if the IP address falls into private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8).
  3. Block requests to internal IPs.
  4. Use a library like ssrf-req-filter if available, or implement strict regex checks.

Acceptance Criteria

  • Requests to localhost or 127.0.0.1 are rejected.
  • Requests to private IP ranges are rejected.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    Bug

    Fields

    No fields configured for Bug.

    Projects

    nounspace v0.1

    Status

    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions