Lucene search

GoogleOSV:CVE-2024-24566

HistoryJan 31, 2024 - 5:15 p.m.

CVE-2024-24566

2024-01-3117:15:39

Google

osv.dev

lobe chat

chatbot

speech synthesis

multimodal

function call plugin

vulnerability

patched software

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the ACCESS_CODE option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4.

CPENameOperatorVersion
lobe-chateq0.120.4
lobe-chateq0.94.0
lobe-chateq0.27.2
lobe-chateq0.36.0
lobe-chateq0.28.0
lobe-chateq0.56.0
lobe-chateq0.83.9
lobe-chateq0.122.3
lobe-chateq0.110.3
lobe-chateq0.43.0

Name	Operator	Version
lobe-chat	eq	0.120.4
lobe-chat	eq	0.94.0
lobe-chat	eq	0.27.2
lobe-chat	eq	0.36.0
lobe-chat	eq	0.28.0
lobe-chat	eq	0.56.0
lobe-chat	eq	0.83.9
lobe-chat	eq	0.122.3
lobe-chat	eq	0.110.3
lobe-chat	eq	0.43.0

Rows per page:

1-10 of 3921

References

github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd

github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for OSV:CVE-2024-24566