rembg, SSRF & CORS Misconfiguration, GHSL-2024-161 and GHSL-2024-162 (Medium)

Listen to this Post

How the mentioned CVE works (GHSL-2024-161 SSRF):

The `/api/remove` endpoint accepts a `url` query parameter. The server uses aiohttp to fetch the image from that URL without validation. An attacker can supply an internal IP (e.g., http://127.0.0.1/secret.png`). The server then makes the request and returns the processed image. This allows reading files from localhost or internal network services. No authentication is required. The endpoint acts as a blind proxy. The response is an image, so any internal HTTP resource that returns image data can be exfiltrated. For non-image data, the server may error but still disclose existence. The issue is SSRF (Server-Side Request Forgery). GHSL-2024-162 CORS misconfiguration: The FastAPI app uses `CORSMiddleware` with `allow_origins=[""]` andallow_credentials=True. This reflects any origin. Any website can send authenticated cross-origin requests. Combined with SSRF, a malicious site can force a victim’s browser to call `/api/remove` and fetch internal images. The CORS header `Access-Control-Allow-Origin` echoes the attacker’s origin. Credentials (cookies) are sent if any auth exists. This turns a simple SSRF into a cross-site attack. The PoC usesfetch(“http://localhost:7000/api/remove?url=http://0.0.0.0/secret.jpg”)`. An attacker website can read the response. The victim must be running the rembg server locally and visit the attacker’s page. The default configuration exposes internal images to the web.

dailycve form:

Platform: rembg server
Version: v2.0.57
Vulnerability: SSRF CORS misconfig
Severity: Medium
date: 2026-04-11

Prediction: Patch 2026-07-10

What Undercode Say:

Analytics:

Check if endpoint is vulnerable
curl -s "http://target:7000/api/remove?url=http://169.254.169.254/latest/meta-data/" -o test.png
Test CORS reflection
curl -H "Origin: https://evil.com" -v "http://target:7000/api/remove?url=https://example.com/img.png" 2>&1 | grep -i "access-control-allow-origin"

Exploit:

// Malicious website JavaScript
fetch('http://victim:7000/api/remove?url=http://127.0.0.1/secret.png')
.then(r => r.blob())
.then(blob => { / send blob to attacker server / });

Protection from this CVE

  • Validate URL: block private IP ranges (127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16).
  • Set `allow_origins` to a specific trusted list, never `[“”]` with credentials.
  • Use network isolation or a firewall to restrict rembg server access to localhost only.

Impact:

Information disclosure of internal images, metadata endpoints (e.g., cloud metadata), and any reachable HTTP resource. Combined with CORS, an attacker website can silently exfiltrate internal data from a victim running the rembg server.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top