[PR #626] [MERGED] Prevent private octets from link collection for self-hosted #3432

Closed
opened 2026-02-22 18:33:46 -05:00 by yindo · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/Mintplex-Labs/anything-llm/pull/626
Author: @timothycarambat
Created: 1/19/2024
Status: Merged
Merged: 1/19/2024
Merged by: @timothycarambat

Base: masterHead: security/block-private-octets


📝 Commits (1)

  • 6c5107c Prevent private octets from link collection for self-hosted

📊 Changes

2 files changed (+15 additions, -4 deletions)

View changed files

📝 collector/utils/url/index.js (+14 -0)
📝 server/endpoints/system.js (+1 -4)

📄 Description

Block private octets of link-scraping & collection just in case a user self-hosts AnythingLLM on the same network as another service that has zero authentication or access controls on it. Attackers in this case would also need to explicitly be granted high-level permissions to accomplish this in addition to knowing valid internal IPs.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/Mintplex-Labs/anything-llm/pull/626 **Author:** [@timothycarambat](https://github.com/timothycarambat) **Created:** 1/19/2024 **Status:** ✅ Merged **Merged:** 1/19/2024 **Merged by:** [@timothycarambat](https://github.com/timothycarambat) **Base:** `master` ← **Head:** `security/block-private-octets` --- ### 📝 Commits (1) - [`6c5107c`](https://github.com/Mintplex-Labs/anything-llm/commit/6c5107c29614f572c575958708805e18810a100d) Prevent private octets from link collection for self-hosted ### 📊 Changes **2 files changed** (+15 additions, -4 deletions) <details> <summary>View changed files</summary> 📝 `collector/utils/url/index.js` (+14 -0) 📝 `server/endpoints/system.js` (+1 -4) </details> ### 📄 Description Block private octets of link-scraping & collection just in case a user self-hosts AnythingLLM on the same network as another service that has zero authentication or access controls on it. Attackers in this case would also need to explicitly be granted high-level permissions to accomplish this in addition to knowing valid internal IPs. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
yindo added the pull-request label 2026-02-22 18:33:46 -05:00
yindo closed this issue 2026-02-22 18:33:46 -05:00
yindo changed title from [PR #626] Prevent private octets from link collection for self-hosted to [PR #626] [MERGED] Prevent private octets from link collection for self-hosted 2026-06-05 15:13:23 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Mintplex-Labs/anything-llm#3432