SSRF Vulnerability
A Server-Side Request Forgery (SSRF) vulnerability was identified in mintplex-labs/anything-llm, affecting the latest version prior to 1.0.0. This vulnerability allows attackers to steal AWS metadata by fetching specific URLs. It was patched in version 1.0.0.
Available publicly on Feb 25 2024 | Available with Premium on Jan 12 2024
Threat Overview
The vulnerability stems from the application's ability to fetch arbitrary URLs without proper validation or restriction. An attacker can exploit this by requesting URLs that are internally accessible within AWS environments, such as the metadata service at http://169.254.169.254. This service provides sensitive information, including AWS credentials, which can be accessed without authentication from within the instance. The lack of URL filtering or whitelisting mechanisms in the application makes it susceptible to SSRF attacks, leading to potential unauthorized access to AWS resources.
Attack Scenario
An attacker, possibly with manager role privileges within the application, crafts a malicious request to the application's URL fetching functionality. This request targets the AWS metadata service URL (http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance) to retrieve AWS credentials. Once the application fetches this URL, it inadvertently accesses and saves the AWS metadata, including credentials, which the attacker can then use to gain unauthorized access to AWS resources.
Who is affected
Any user hosting the anything-llm application on AWS prior to version 1.0.0 is vulnerable to this attack. The vulnerability specifically impacts those with the application configured to allow fetching of external URLs, which can be exploited to access sensitive AWS metadata.