rembg@2.0.74

Remove image background

  • latest version

    2.0.75

  • latest non vulnerable version

  • first published

    3 years ago

  • latest version published

    10 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the rembg package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Server-side Request Forgery (SSRF)

    rembg is a package that removes image backgrounds.

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /api/remove endpoint, which accepts a URL parameter and fetches external resources. An attacker can access internal network resources and retrieve sensitive image data by supplying crafted URLs to this endpoint.

    How to fix Server-side Request Forgery (SSRF)?

    Upgrade rembg to version 2.0.75 or higher.

    [,2.0.75)
    • M
    Directory Traversal

    Affected versions of this package are vulnerable to Directory Traversal via the model_path parameter in the HTTP server for custom model types (u2net_custom, dis_custom, ben_custom). An attacker can access arbitrary files on the server's filesystem by sending specially crafted requests, which may reveal file existence, permissions, and potentially file contents through error messages.

    How to fix Directory Traversal?

    Upgrade rembg to version 2.0.75 or higher.

    [,2.0.75)
    • M
    Server-side Request Forgery (SSRF)

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /api/remove endpoint, which takes a URL query parameter to fetch, process, and return images. An attacker can access pictures hosted on the internal network of the server.

    How to fix Server-side Request Forgery (SSRF)?

    Upgrade rembg to version 2.0.75 or higher.

    [,2.0.75)
    • H
    Origin Validation Error

    Affected versions of this package are vulnerable to Origin Validation Error in the add_middleware() function in s_command.py, which reflects all origins by default. Due to the allow_credentials=True setting, an attacker can send authenticated cross-site requests and access unintended APIs.

    How to fix Origin Validation Error?

    Upgrade rembg to version 2.0.75 or higher.

    [,2.0.75)