Description
The web application using the Large Language Model (LLM) is vulnerable to Server-Side Request Forgery (SSRF) attacks. When presented with specially crafted prompts, the LLM makes HTTP requests to external domains and includes the response content in its answers. This vulnerability allows attackers to force the LLM to make unauthorized network connections, potentially accessing internal resources or leaking sensitive information.
Remediation
1. Implement strict network access controls for the LLM runtime environment.
2. Disable the ability for the LLM to make outbound network connections unless absolutely necessary.
3. If network access is required, implement a whitelist of allowed domains and endpoints.
4. Add input validation to detect and block prompts that attempt to trigger network requests.
5. Monitor and log all network connections made by the LLM system for security analysis.
6. Consider implementing a proxy server for all LLM outbound requests with additional security controls.
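As an added example (not part of this finding or the affected application), the following deny-by-default egress gate shows how items 3 and 6 fit together: the layer that executes the LLM's fetch requests consults it before any outbound call, and only an allowlisted host, scheme and path prefix that resolves to a public address is let through. The allowlist entries, the `resolver` parameter and the function names are assumptions constructed for illustration.

```python
# Added example (not from the original finding): an egress gate that an LLM
# tool-call layer consults before fetching a URL on the model's behalf.
# Hypothetical helper names; the allowlist below is constructed for illustration.
import ipaddress
import socket
from urllib.parse import urlparse

# Constructed allowlist: host -> allowed path prefixes (deny everything else).
ALLOWED_ENDPOINTS = {
    "api.example.com": ("/v1/weather", "/v1/news"),
}
ALLOWED_SCHEMES = {"https"}

def _is_public_ip(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_reserved or addr.is_multicast or addr.is_unspecified)

def resolve_host(host: str):
    """Resolve host to a sorted list of IP strings; raises OSError on failure."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def check_egress(url: str, resolver=resolve_host) -> tuple:
    """Return (allowed, reason) for a URL the LLM asked to fetch. Deny by default."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parsed.scheme!r}"
    if parsed.username or parsed.password:
        return False, "credentials embedded in URL"
    host = (parsed.hostname or "").lower()
    if host not in ALLOWED_ENDPOINTS:
        return False, f"host not allowlisted: {host!r}"
    if parsed.port not in (None, 443):
        return False, f"port not allowed: {parsed.port}"
    if not parsed.path.startswith(ALLOWED_ENDPOINTS[host]):
        return False, f"path not allowlisted: {parsed.path!r}"
    # Resolve now and pin the result, so a DNS answer pointing at an internal
    # address (or a later rebinding) cannot turn an allowlisted name into SSRF.
    try:
        ips = resolver(host)
    except OSError as exc:
        return False, f"resolution failed: {exc}"
    bad = [ip for ip in ips if not _is_public_ip(ip)]
    if bad:
        return False, f"host resolves to non-public address: {bad}"
    return True, f"allowed; connect only to pinned addresses {ips}"
```

The fetcher should connect to the pinned addresses returned in the reason (not re-resolve) and log every decision, which covers item 5 as well.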