Description
Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthenticated users to achieve Server-Side Request Forgery (SSRF) by supplying a custom typebot definition with server-side code blocks. The fetch function exposed inside the isolated-vm sandbox calls Node.js native fetch without the SSRF validation (validateHttpReqUrl) that protects the HTTP Request block. This bypasses all SSRF mitigations added after GHSA-8gq9-rw7v-3jpr. Exploitation of this unauthenticated SSRF vulnerability can lead to cloud credential theft, internal network access and data exfiltration for any self-hosted Typebot deployments and hosted services. This issue has been fixed in version 3.16.0.
Problem types
CWE-862: Missing Authorization
CWE-918: Server-Side Request Forgery (SSRF)
Product status
References
github.com/...bot.io/security/advisories/GHSA-vc2q-r6rq-ggj9
github.com/...bot.io/security/advisories/GHSA-vc2q-r6rq-ggj9
github.com/baptisteArno/typebot.io/releases/tag/v3.16.0