Lucene search
+L

4 matches found

Github Security Blog
Github Security Blog
added 2024/09/23 8:30 p.m.42 views

lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)

Summary SSRF protection implemented in https://github.com/lobehub/lobe-chat/blob/main/src/app/api/proxy/route.ts does not consider redirect and could be bypassed when attacker provides external malicious url which redirects to internal resources like private network or loopback address. PoC 1. Ru...

9CVSS6.6AI score0.11157EPSS
Exploits4References6Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/10 2:49 p.m.24 views

CVE-2024-32964 lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause...

9CVSS6.6AI score0.52683EPSS
Exploits2References2
Cvelist
Cvelist
added 2024/05/10 2:49 p.m.47 views

CVE-2024-32964 lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause...

9CVSS9.1AI score0.52683EPSS
Exploits2References2
Circl
Circl
added 2024/05/10 6:13 a.m.7 views

CVE-2024-32964

creationtimestamp| type| source ---|---|--- 2024-05-10 06:13:02+00:00| published-proof-of-concept| https://github.com/lobehub/lobehub/security/advisories/GHSA-mxhq-xw3g-rphc...

9CVSS7.3AI score0.52683EPSS
Exploits2References1
Rows per page
Query Builder