This module enables you to use OpenAI as a provider for the AI module.
The module doesn't sufficiently sanitize user-supplied URLs, leading to a Server-side request forgery (SSRF) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have the access to change the host url and a way to generate AI-generated images.
Install the latest version:
- If you use the OpenAI Provider module 1.1.0, upgrade to OpenAI Provider 1.1.1
- If you use the OpenAI module 1.2.1 upgrade to OpenAI Provider 1.2.2
- Bram Driesen (bramdriesen) of the Drupal Security Team
- Greg Knaddison (greggles) of the Drupal Security Team