LobeChat < 0.150.6 Server-Side Request Forgery
According to the self-reported version in its response header, the version of LobeChat hosted on the remote web server is prior to 0.150.6. It is, therefore, affected by a Server-Side Request Forgery through agent proxy configuration. Note that the scanner has not tested for these issues but has...
Lobe Chat Security Vulnerability
Lobe Chat is an open source, high performance chatbot framework. A security vulnerability exists in Lobe Chat versions prior to 0.150.6, which stems from an unauthorized server-side request forgery vulnerability that allows an attacker to construct a malicious request without logging in, resultin...
CVE-2024-32964
Summary of the CVE-2024-32964 family (Lobe Chat): A Server-Side Request Forgery vulnerability was reported in Lobe Chat prior to version 0.150.6, targeting the /api/proxy endpoint. Connected sources consistently describe an unauthenticated SSRF where an attacker can persuade the server to fetch ...
PT-2024-25011 · Lobe Chat · Lobe Chat
Name of the Vulnerable Software and Affected Versions: Lobe Chat versions prior to 0.150.6. Description: The issue is related to an unauthorized Server-Side Request Forgery (SSRF) vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause SSRF without logging in,...