12 matches found

RedhatCVE
added yesterday, 3 views

CVE-2026-39406

@hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the...

CVSS 5.3 | AI score 5.4 | EPSS 0.00019
Exploits: 0 | References: 1
NVD
added 2026/04/08 3:16 p.m., 2 views

CVE-2026-39406

@hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the...

CVSS 5.3 | EPSS 0.00019
Exploits: 0 | References: 1
Cvelist
added 2026/04/08 2:34 p.m., 17 views

CVE-2026-39406 @hono/node-server has a middleware bypass via repeated slashes in serveStatic

@hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the...

CVSS 5.3 | EPSS 0.00019
Exploits: 0 | References: 1
CNNVD
added 2026/04/08 12:0 a.m., 2 views

Node.js Adapter for Hono path traversal vulnerability

The Node.js Adapter for Hono is an open-source tool developed by Hono, designed to run Hono applications on Node.js. Versions of the Node.js Adapter for Hono prior to 1.19.13 contained a path traversal vulnerability. This vulnerability stemmed from inconsistent path handling, allowing access to...

CVSS 5.3 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-2703

Malicious code in bioql PyPI...

CVSS 9 | AI score 6.3 | EPSS 0.05777
Exploits: 2 | References: 6
RedhatCVE
added 2025/02/05 8:36 a.m., 4 views

CVE-2024-47066

Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in src/app/api/proxy/route.ts does not consider redirect and could be bypassed when attacker provides an external malicious URL which redirects to...

CVSS 9 | AI score 8.9 | EPSS 0.05777
Exploits: 2 | References: 1
CVE
added 2024/11/26 6:25 p.m., 88 views

CVE-2024-32965

CVE-2024-32965 concerns Lobe Chat (lobe-chat) before version 1.19.13, with an unauthenticated SSRF vulnerability. The issue allows constructing malicious requests that trigger SSRF to internal services, potentially leaking sensitive information. The weakness is tied to the proxy address and OpenA...

CVSS 8.6 | AI score 8 | EPSS 0.03119
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2024/11/26 6:25 p.m., 15 views

CVE-2024-32965 ssrf vulnerability in lobe-chat

Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The jwt token header...

CVSS 8.1 | AI score 6.7 | EPSS 0.03119
Exploits: 1 | References: 2
Positive Technologies
added 2024/11/26 12:0 a.m., 2 views

PT-2024-25012 · Openai · Openai Api

Name of the Vulnerable Software and Affected Versions: lobe-chat versions prior to 1.19.13 Description: Lobe Chat is an open-source, AI chat framework. The issue allows an attacker to construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive...

CVSS 8.1 | AI score 6.7 | EPSS 0.03119
Exploits: 1 | References: 7
NVD
added 2024/09/23 4:15 p.m., 28 views

CVE-2024-47066

Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in src/app/api/proxy/route.ts does not consider redirect and could be bypassed when attacker provides an external malicious URL which redirects to...

CVSS 9 | EPSS 0.05777
Exploits: 2 | References: 4
CNNVD
added 2024/09/23 12:0 a.m., 3 views

Lobe Chat code issue vulnerability

Lobe Chat is an open source, high-performance chatbot framework open sourced from LobeHub. A code issue vulnerability exists in Lobe Chat prior to version 1.19.13, which stems from the server-side request forgery protection implemented in src/app/api/proxy/route.ts does not account for redirectio...

CVSS 9 | AI score 6.7 | EPSS 0.05777
Exploits: 2 | References: 5
Positive Technologies
added 2024/05/10 12:0 a.m., 3 views

PT-2024-32383 · Lobe Chat · Lobe Chat

Name of the Vulnerable Software and Affected Versions: Lobe Chat versions prior to 1.19.13 Description: The issue concerns a server-side request forgery protection bypass in Lobe Chat, an open-source artificial intelligence chat framework. This protection, implemented in src/app/api/proxy/route.t...

CVSS 9 | AI score 6.6 | EPSS 0.71676
Exploits: 4 | References: 24