Docling-Graph: SSRF via Missing Internal IP Validation in URLInputHandler
Docling-Graph turns documents into validated Pydantic objects, then builds a directed knowledge graph with explicit semantic relationships. Prior to 1.5.1, the URLInputHandler class in docling_graph/core/input/handlers.py makes HTTP requests to user-supplied URLs without validating whether the target resolves to a private, loopback, or link-local IP address. The URLValidator only checks for a valid scheme and non-empty netloc, performing no IP-level validation. Additionally, requests.head() was called with allow_redirects=True, allowing an attacker to redirect requests to internal endpoints via an intermediary URL. An attacker who can control the --source CLI argument or PipelineConfig.source API parameter can trigger Server-Side Request Forgery (SSRF). This vulnerability is fixed in 1.5.1.
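The paragraph above names two separate gaps: a validator that looks only at scheme and netloc, and a HEAD request that follows redirects on its own. The block below is an added example, not Docling-Graph's code and not the 1.5.1 patch (the advisory does not reproduce either). It puts a scheme-and-netloc check beside a validator that resolves the hostname and rejects private, loopback, link-local and IPv4-mapped addresses, and follows redirects by hand so every hop is re-validated. The names `naive_url_check`, `validate_url`, `safe_head` and `head_no_redirect` are this example's own, and the DNS and HTTP tables in `__main__` are constructed stand-ins so it runs offline.

```python
"""Added example: resolution-aware URL validation and redirect-safe HEAD."""
import ipaddress
import socket
import urllib.error
import urllib.request
from typing import Callable, Iterable, List, Optional, Tuple
from urllib.parse import urljoin, urlparse

Resolver = Callable[[str], Iterable[str]]
HeadFn = Callable[[str], Tuple[int, Optional[str]]]


def naive_url_check(url: str) -> bool:
    """Scheme plus non-empty netloc only: the shape of check the advisory describes.
    It happily accepts http://127.0.0.1/ and http://169.254.169.254/ (hypothetical name)."""
    p = urlparse(url)
    return p.scheme in ("http", "https") and bool(p.netloc)


def system_resolver(host: str) -> List[str]:
    """OS resolver returning every A/AAAA answer, not just the first."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_disallowed(ip) -> bool:
    """True for addresses a document fetcher must never reach."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped          # apply IPv4 rules to ::ffff:a.b.c.d
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_url(url: str, resolver: Resolver = system_resolver) -> List[str]:
    """Return the resolved addresses if all are publicly routable, else raise ValueError."""
    p = urlparse(url)
    if p.scheme not in ("http", "https"):
        raise ValueError("unsupported scheme: %r" % p.scheme)
    host = p.hostname                # lowercased, IPv6 brackets already stripped
    if not host:
        raise ValueError("empty host")
    try:
        addrs = [ipaddress.ip_address(host)]      # literal IP: no DNS lookup needed
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except socket.gaierror as err:
            raise ValueError("%s did not resolve: %s" % (host, err))
    if not addrs:
        raise ValueError("%s did not resolve" % host)
    for ip in addrs:                 # one internal answer among several is enough to reject
        if is_disallowed(ip):
            raise ValueError("%s resolves to non-public address %s" % (host, ip))
    return [str(ip) for ip in addrs]


def is_safe_url(url: str, resolver: Resolver = system_resolver) -> bool:
    try:
        validate_url(url, resolver)
        return True
    except ValueError:
        return False


class _StopRedirects(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None                  # refuse to follow; urllib raises HTTPError with the 3xx


def head_no_redirect(url: str, timeout: float = 10.0) -> Tuple[int, Optional[str]]:
    """One HEAD request that never follows redirects; returns (status, Location)."""
    opener = urllib.request.build_opener(_StopRedirects)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


def safe_head(url: str, resolver: Resolver = system_resolver,
              head: HeadFn = head_no_redirect, max_redirects: int = 5) -> Tuple[str, int]:
    """Follow redirects manually so the target of every hop passes validate_url."""
    current = url
    for _ in range(max_redirects + 1):
        validate_url(current, resolver)
        status, location = head(current)
        if status in (301, 302, 303, 307, 308) and location:
            current = urljoin(current, location)
            continue
        return current, status
    raise ValueError("too many redirects")


if __name__ == "__main__":
    # Constructed offline stand-ins for DNS and HTTP; no network is touched.
    fake_dns = {"public.example": ["93.184.216.34"], "evil.example": ["93.184.216.35"]}
    fake_head = {"http://evil.example/doc": (302, "http://127.0.0.1:8080/admin"),
                 "http://public.example/doc": (200, None)}
    res = lambda h: fake_dns.get(h, [])
    head = lambda u: fake_head.get(u, (404, None))
    print(naive_url_check("http://169.254.169.254/latest/meta-data/"))      # True
    print(is_safe_url("http://169.254.169.254/latest/meta-data/", res))     # False
    print(safe_head("http://public.example/doc", res, head))
    try:
        safe_head("http://evil.example/doc", res, head)
    except ValueError as err:
        print("blocked:", err)
```

Two caveats for anyone adapting this. Resolving and then connecting separately leaves a DNS rebinding window; closing it means pinning the connection to the address that was validated, which needs a transport-level hook rather than a pre-check. And the Python `ipaddress` module classes the RFC 5737 documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) as private, so test fixtures should use other addresses, as the constructed tables above do.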
Problem Types
| Type | CWE ID | Description |
|---|---|---|
| CWE | CWE-601 | CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |
| CWE | CWE-918 | CWE-918: Server-Side Request Forgery (SSRF) |
Metrics
| Version | Base score | Base severity | Vector |
|---|---|---|---|
| 3.1 | 5.7 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N |