langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding

CVSS 3.1 langchain-openai

OpenClaw: Browser CDP profile creation skipped strict-mode SSRF checks

OpenClaw: QQBot direct media upload skipped URL SSRF validation

used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF protection and then fetched them in a separate network operation with independent DNS resolution. This

CVSS 3.1 langchain

counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery (SSRF) attacks by providing malicious image URLs in user input. This vulnerability is fixed

CVSS 3.7 langchain_core

Fickling has a detection bypass via stdlib network-protocol constructors