4 matches found
CVE-2024-32965
CVE-2024-32965 concerns Lobe Chat (lobe-chat) before version 1.19.13, with an unauthenticated SSRF vulnerability. The issue allows constructing malicious requests that trigger SSRF to internal services, potentially leaking sensitive information. The weakness is tied to the proxy address and OpenA...
CVE-2024-32965 ssrf vulnerability in lobe-chat
Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The jwt token header...
CVE-2024-32965 ssrf vulnerability in lobe-chat
Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The jwt token header...
CVE-2024-32965
creationtimestamp| type| source ---|---|--- 2024-11-26 04:52:57+00:00| published-proof-of-concept| https://github.com/lobehub/lobehub/security/advisories/GHSA-2xcc-vm3f-m8rw 2024-11-26 18:37:04+00:00| seen| https://infosec.exchange/users/cve/statuses/113550702902794180...