SSRF in GoCLAW TTS API via Unvalidated URL Config (PoC)

Vulnerability Overview Title: Server-Side Request Forgery (SSRF) via Unvalidated TTS Provider API Base Configuration #1132 Description: An unvalidated URL field exists in the Text-to-Speech (TTS) configuration endpoint ( ), allowing users with administrator privileges (or any user in a default single-user setup) to store a malicious API Base URL. When a TTS speech synthesis request is triggered, the backend application communicates with the configured endpoint using a standard HTTP client, thereby creating an entry point for Server-Side Request Forgery (SSRF). This allows external attackers to force the server to interact with internal resources (such as private subnets, localhost endpoints, or cloud metadata services) without authorization. Root Cause: The root cause of the vulnerability lies in the method of . When a request is sent to , the backend parses and directly applies text variables—including custom entries—for system configurations such as OpenAI, ElevenLabs, and MiniMax, without performing adequate pre-validation. PoC: Prerequisites: - A Go framework running PostgreSQL in a standard deployment. - Access to the route. In a normal deployment environment operating under the default topology (where relies on single-user mode), any unauthenticated attacker inherits permissions, significantly lowering the barrier to executing this attack. Reproduction Steps: 1. Start the vulnerable topology context using the provided simplified compose configuration and PostgreSQL. 2. Inject a malicious AWS instance metadata address ( ) using the provided Python script, then trigger speech synthesis via a ping. 3. A supplementary control script is provided to demonstrate that the corresponding connection check method correctly filters out the injected payload. 4. Execute to observe timeout behavior reflecting a successful call to the target internal network. Impact Scope Affected Products: Ecosystem: go Package Name: github.com/nextlevelbuilder/goclaw Affected Versions: <= 3.11.3 Fixed Versions: Not specified Severity: Severity: High Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Weakness: CWE: CWE-918: Server-Side Request Forgery (SSRF) Remediation Fix Status: Fixed Version: Not specified Fix Plan: Upstream critical fix plan: 3 active fixes + 1 verification patch Code Example: Log Evidence: Server Application Logs: Conclusion: This Server-Side Request Forgery (SSRF) vulnerability allows external threat actors to conduct internal network probing under the guise of authenticated web service operations. When running on AWS or Google Cloud infrastructure deployments, it introduces severe risk as it can capture metadata instance IAM tokens (by exploiting ), subsequently escalating privileges within the cloud ecosystem environment. It can also manipulate internal unexposed databases, access legacy microservice interfaces, or cause destructive impacts through blind port scanning.

Goal Reached Thanks to every supporter — we hit 100%!

SSRF in GoCLAW TTS API via Unvalidated URL Config (PoC)

More from this source