Coordinated Disclosure Timeline

Summary

The rembg server is vulnerable to Server-Side Request Forgery (SSRF) and has a weak default CORS configuration, which together may allow an attacker-controlled website to send requests to servers on the internal network and view the image responses.

Project

rembg

Tested Version

v2.0.57

Details

Issue 1: SSRF via /api/remove (GHSL-2024-161)

The /api/remove endpoint takes a url query parameter naming an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg server.

    async def get_index(
        url: str = Query(
            default=..., description="URL of the image that has to be processed."
        ),
        commons: CommonQueryParams = Depends(),
    ):
        # The user-supplied URL is fetched as-is: no scheme, host or address check
        async with aiohttp.ClientSession() as session:
            async with session.get(url) as response:
                file = await response.read()
                return await asyncify(im_without_bg)(file, commons)
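The following is an added example of the kind of check that was missing from the handler above; it is not rembg's code. It parses the submitted URL, allows only http/https, rejects embedded credentials, resolves the host and refuses any address that is loopback, private, link-local or otherwise not globally routable. The function names (validate_image_url, is_safe_image_url, resolve_host) and the resolver parameter are assumptions introduced for the example; the resolver is injectable so the check can be exercised offline with constructed hostnames.

```python
import ipaddress
import socket
from typing import Callable, List
from urllib.parse import urlparse

# Hypothetical guard for an image-fetching endpoint such as /api/remove.
ALLOWED_SCHEMES = {"http", "https"}


def resolve_host(hostname: str) -> List[str]:
    """Resolve a hostname or IP literal to the addresses a client would connect to."""
    infos = socket.getaddrinfo(hostname, None)
    return sorted({info[4][0] for info in infos})


def is_public_address(ip: str) -> bool:
    """True only for globally routable unicast addresses."""
    addr = ipaddress.ip_address(ip)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) must be judged as the IPv4 address.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not (
        addr.is_private
        or addr.is_loopback
        or addr.is_link_local
        or addr.is_multicast
        or addr.is_reserved
        or addr.is_unspecified
        or not addr.is_global
    )


def validate_image_url(url: str, resolver: Callable[[str], List[str]] = resolve_host) -> str:
    """Return the URL unchanged if it is acceptable to fetch, else raise ValueError."""
    parsed = urlparse(url)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")
    if not parsed.hostname:
        raise ValueError("URL has no host")
    if parsed.username is not None or parsed.password is not None:
        raise ValueError("credentials in URL are not allowed")
    # Resolve first, then judge the resolved addresses: this also catches hostnames
    # and unusual IP spellings that point back into the internal network.
    addresses = resolver(parsed.hostname)
    if not addresses:
        raise ValueError("host did not resolve")
    for ip in addresses:
        if not is_public_address(ip):
            raise ValueError(f"{parsed.hostname} resolves to non-public address {ip}")
    return url


def is_safe_image_url(url: str, resolver: Callable[[str], List[str]] = resolve_host) -> bool:
    """Boolean form of validate_image_url, treating resolution failures as unsafe."""
    try:
        validate_image_url(url, resolver)
        return True
    except (ValueError, socket.gaierror):
        return False


if __name__ == "__main__":
    # Constructed sample inputs; literal IPs resolve without DNS.
    for candidate in ("https://8.8.8.8/pic.png", "http://127.0.0.1:8080/", "file:///tmp/x.png"):
        print(candidate, "->", "fetch" if is_safe_image_url(candidate) else "reject")
```

Two caveats for anyone wiring this into a fetcher: the check is only meaningful if the connection goes to an address that was actually checked, so either connect to the validated IP or pin the resolver (otherwise a DNS answer can change between the check and the connect), and HTTP redirects must be disabled (aiohttp's session.get accepts allow_redirects=False) or re-validated hop by hop, since a public host can redirect the server to an internal one.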

Impact

This issue may lead to Information Disclosure.

Issue 2: CORS misconfiguration (GHSL-2024-162)

The following CORS middleware is set up incorrectly. All origins are reflected, which allows any website to send cross-site requests to the rembg server and thus query any API endpoint. Even if authentication were enabled, allow_credentials is set to True, which would allow any website to send authenticated cross-site requests.

    app.add_middleware(
        CORSMiddleware,
        allow_credentials=True,
        allow_origins=["*"],
        allow_methods=["*"],
        allow_headers=["*"],
    )
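To make the difference between the weak setting and a corrected one concrete, here is an added example (not rembg's or Starlette's code) that models the CORS response headers a server emits for a given request Origin. It is a simplified model of the behaviour the advisory describes, not a reimplementation of CORSMiddleware: with a "*" allowlist plus credentials the caller's Origin is reflected, while with an explicit allowlist only listed origins get an Access-Control-Allow-Origin header. The allowlist value https://app.example.test and the function names are constructed for the example.

```python
from typing import Dict, Iterable, Optional
from urllib.parse import urlsplit

# Constructed allowlist standing in for whatever front end legitimately calls the API.
ALLOWED_ORIGINS = ["https://app.example.test"]

# The corrected middleware registration would then read (origin value assumed):
#   app.add_middleware(
#       CORSMiddleware,
#       allow_origins=ALLOWED_ORIGINS,
#       allow_credentials=True,   # keep only if the API really uses cookies/auth headers
#       allow_methods=["GET", "POST"],
#       allow_headers=["Content-Type"],
#   )


def normalize_origin(origin: str) -> Optional[str]:
    """Canonical scheme://host[:port] form, or None for anything that is not an origin."""
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None  # covers "null", relative strings and non-web schemes
    try:
        port = parts.port
    except ValueError:
        return None
    default_port = 443 if parts.scheme == "https" else 80
    host = parts.hostname.lower()
    if port in (None, default_port):
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def cors_response_headers(
    request_origin: Optional[str], allow_origins: Iterable[str], allow_credentials: bool
) -> Dict[str, str]:
    """CORS headers to attach to a response, given the request's Origin and the policy."""
    if not request_origin:
        return {}  # same-origin or non-browser request: nothing to add
    allow_origins = list(allow_origins)
    if "*" in allow_origins:
        if allow_credentials:
            # Browsers refuse a literal "*" together with credentials, so a wildcard plus
            # credentials policy ends up reflecting whatever Origin was sent: every site
            # becomes an allowed, credentialed caller. This is the weak configuration.
            return {
                "Access-Control-Allow-Origin": request_origin,
                "Access-Control-Allow-Credentials": "true",
                "Vary": "Origin",
            }
        return {"Access-Control-Allow-Origin": "*"}
    allowed = {normalize_origin(o) for o in allow_origins} - {None}
    if normalize_origin(request_origin) not in allowed:
        return {}  # no Access-Control-Allow-Origin: the browser blocks the cross-origin read
    headers = {"Access-Control-Allow-Origin": request_origin, "Vary": "Origin"}
    if allow_credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


if __name__ == "__main__":
    # Constructed request origins, one legitimate and one arbitrary third-party site.
    for origin in ("https://app.example.test", "https://other-site.test"):
        print(origin, "weak:", cors_response_headers(origin, ["*"], True))
        print(origin, "fixed:", cors_response_headers(origin, ALLOWED_ORIGINS, True))
```

The Vary: Origin header matters whenever the allowed origin is echoed, so that a shared cache does not serve one origin's allow header to another; and allow_credentials should stay False unless the API genuinely relies on cookies or Authorization headers from the browser.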

Impact

This issue may increase the severity of other vulnerabilities.

CVE

Credit

These issues were discovered and reported by GHSL team member @Kwstubbs (Kevin Stubbings).

Contact

You can contact the GHSL team at securitylab@github.com, please include a reference to GHSL-2024-161 or GHSL-2024-162 in any communication regarding these issues.