Ai Gateway
Monthly
Server-side request forgery in Helicone ai-gateway (up to 0.2.0-beta.30) allows a low-privileged remote attacker to manipulate the `extracted_path_and_query` argument within the `build_target_url` function of the AWS Metadata Service component, causing the gateway to issue unauthorized server-side HTTP requests to internal infrastructure. For deployments on AWS, this most critically targets the EC2 Instance Metadata Service (IMDS) at 169.254.169.254, potentially exposing IAM role credentials that carry blast radius far exceeding the assigned CVSS 5.3 score. A public exploit exists via GitHub, and the vendor was unresponsive to pre-disclosure contact, meaning no vendor-confirmed patch is available at time of analysis.
Server-side request forgery in Helicone ai-gateway (up to 0.2.0-beta.30) allows a low-privileged remote attacker to manipulate the `extracted_path_and_query` argument within the `build_target_url` function of the AWS Metadata Service component, causing the gateway to issue unauthorized server-side HTTP requests to internal infrastructure. For deployments on AWS, this most critically targets the EC2 Instance Metadata Service (IMDS) at 169.254.169.254, potentially exposing IAM role credentials that carry blast radius far exceeding the assigned CVSS 5.3 score. A public exploit exists via GitHub, and the vendor was unresponsive to pre-disclosure contact, meaning no vendor-confirmed patch is available at time of analysis.