Lucene search

Veracode Vulnerability DatabaseVERACODE:46854

HistoryMay 13, 2024 - 6:50 a.m.

Server-Side Request Forgery

2024-05-1306:50:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

server-side request forgery

validation

user-supplied urls

attackers

software

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

@lobehub/chat is vulnerable to Server-Side Request Forgery. This vulnerability arises due to insufficient validation of user-supplied URLs which allows attackers to forge server-side requests.

References

github.com/lobehub/lobe-chat/commit/465665a735556669ee30446c7ea9049a20cc7c37

github.com/lobehub/lobe-chat/security/advisories/GHSA-mxhq-xw3g-rphc

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for VERACODE:46854