VYPR

Maven package

org.springframework.ai/spring-ai-bedrock-converse

pkg:maven/org.springframework.ai/spring-ai-bedrock-converse

Vulnerabilities (1)

  • CVE-2026-22742HigMar 27, 2026
    affected >= 1.0.0-M5, < 1.0.5fixed 1.0.5

    Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to