CVE-2024-32965 ssrf vulnerability in lobe-chat

Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The jwt token header...

@lobehub/chat Server Side Request Forgery vulnerability

Summary lobe-chat before 1.19.13 has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details visit https://chat-preview.lobehub.com/ click settings - llm - openai fill the...

PT-2024-26120 · Form.Io +2 · Form.Io +2

Name of the Vulnerable Software and Affected Versions: Valtimo versions prior to 10.8.4 Valtimo versions prior to 11.1.6 Valtimo versions prior to 11.2.2 Description: Valtimo is an open source business process and case management platform. When opening a form in Valtimo, the access token JWT of t...