Description
Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2.
Problem types
CWE-918 Server-Side Request Forgery (SSRF)
Product status
1.2.0 (semver) before 1.2.2
Credits
Kuniyoshi Noguchi (kuninogu)
Artem Dmitriiev (a.dmitriiev)
Kuniyoshi Noguchi (kuninogu)
Marcus Johansson (marcus_johansson)
Bram Driesen (bramdriesen)
Greg Knaddison (greggles)
References
www.drupal.org/sa-contrib-2026-053