@ai-sdk/prodia@1.0.32

@github-actions github-actions released this 11 Jun 04:28
· 1038 commits to main since this release
dca8c38

Patch Changes

  • 3ee4555: fix(prodia): validate user-supplied image URLs before fetching (SSRF)

    The Prodia video model's resolveVideoFileData fetched a user-supplied image URL directly with fetch(), bypassing the SDK's SSRF guard. An attacker who could supply the image URL could make the server request internal endpoints (e.g. cloud metadata) and have the response uploaded to Prodia's API. The URL is now downloaded via downloadBlob, which routes through validateDownloadUrl and rejects private/internal addresses, matching the pattern used by other providers.
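
A sketch of the kind of pre-fetch check described above, added here as an illustration; it is not the SDK's validateDownloadUrl or downloadBlob, and checkDownloadUrl, inBlockedV4 and the range list are hypothetical. It assumes a conservative policy: only http(s), every IPv6 literal rejected, and no DNS resolution.

```javascript
// Added illustration, not SDK code. IPv4 ranges a server-side fetch should not reach.
const BLOCKED_V4 = [
  ['0.0.0.0', 8],       // "this network"
  ['10.0.0.0', 8],      // RFC 1918 private
  ['100.64.0.0', 10],   // carrier-grade NAT
  ['127.0.0.0', 8],     // loopback
  ['169.254.0.0', 16],  // link-local, includes cloud metadata endpoints
  ['172.16.0.0', 12],   // RFC 1918 private
  ['192.168.0.0', 16],  // RFC 1918 private
];

// Dotted quad -> unsigned 32-bit integer.
function v4ToInt(ip) {
  return ip.split('.').reduce((acc, octet) => acc * 256 + Number(octet), 0);
}

function inBlockedV4(ip) {
  const addr = v4ToInt(ip);
  return BLOCKED_V4.some(([base, bits]) => {
    const size = 2 ** (32 - bits); // number of addresses in the prefix
    return Math.floor(addr / size) === Math.floor(v4ToInt(base) / size);
  });
}

// Returns { ok: true, url } or { ok: false, reason }.
function checkDownloadUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: 'unparseable' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: 'scheme' };
  }
  // The WHATWG parser has already normalised forms such as 2130706433 or
  // 0x7f.1 to a dotted quad, so check url.hostname, never the raw string.
  const host = url.hostname.toLowerCase().replace(/\.$/, '');
  if (host === 'localhost' || host.endsWith('.localhost')) {
    return { ok: false, reason: 'localhost' };
  }
  if (host.startsWith('[')) {
    return { ok: false, reason: 'ipv6-literal' }; // conservative choice in this sketch
  }
  if (/^\d+\.\d+\.\d+\.\d+$/.test(host) && inBlockedV4(host)) {
    return { ok: false, reason: 'private-ipv4' };
  }
  return { ok: true, url }; // a hostname still needs its resolved address checked
}
```

A literal-only check like this does not cover redirects or public hostnames that resolve to internal addresses; those require validating the address actually connected to.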