typebot.io/.github
Baptiste Arnaud b25c41b02b
🐛 Fix SSRF bypass via DNS rebinding in HTTP request and script fetch flows (#2461)
- Add `createSafeDispatcher` with a `validatingLookup` that checks
resolved IPs at TCP connection time, preventing DNS rebinding TOCTOU
attacks (GHSA-hgqq-whf5-mrrf)
- Pass the safe undici dispatcher in `safeFetchWithoutChunkedEncoding`
(`ky.ts`) and in the isolated VM fetch wrapper (`executeFunction.ts`)
- Export `parseIPAddress`, `validateIPAddress` and `ParsedIP` from
`validateHttpReqUrl.ts` for reuse in the dispatcher
- Add unit tests for `validatingLookup` and E2E test bot/spec for SSRF
scenarios
- Add `@types/bun` to `packages/lib` tsconfig

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 09:28:06 +00:00
images docs: update README banner 2025-01-23 14:50:45 +01:00
ISSUE_TEMPLATE 👷 Add stale issue Github automation 2025-11-13 16:29:21 +01:00
videos docs: 📝 Add demo in README 2022-05-17 10:12:54 -07:00
workflows 🐛 Fix SSRF bypass via DNS rebinding in HTTP request and script fetch flows (#2461) 2026-04-15 09:28:06 +00:00
FUNDING.yml Create FUNDING.yml 2021-12-08 10:01:23 +01:00
skills Add turborepo skill references and fix symlinks (#2368) 2026-01-24 17:58:11 +01:00