3 matches found
CVE-2024-47066
CVE-2024-47066 (Lobe Chat) is an SSRF issue in Lobe Chat prior to version 1.19.13 where server-side proxy protection in src/app/api/proxy/route.ts does not handle redirects, allowing an attacker-supplied URL to redirect to internal resources (e.g., private networks or loopback). The vulnerability...
ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.1.0), ai.driftkit:driftkit-chat-assistant-framework (>=0.5.0 <=0.8.7) +2663 more potentially affected by CVE-2024-38816 via org.springframework:spring-webmvc (>=6.1.0 <=6.1.12)
org.springframework:spring-webmvc MAVEN version =6.1.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.5.0, =1.12.0, =1.14.0 - ai.yda-framework:rest-spring-channel =0.1.0 and more Source cves: CVE-2024-38816 Source advisory: OSV:GHSA-CX7F-G6MP-7...
CVE-2024-32964
Summary of the CVE-2024-32964 family (Lobe Chat): A Server-Side Request Forgery vulnerability was reported in Lobe Chat prior to version 0.150.6, targeting the /api/proxy endpoint. Connected sources consistently describe an unauthenticated SSRF where an attacker can persuade the server to fetch ...