Description

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause Server-Side Request Forgery without logging in, attack intranet services, and leak sensitive information.

INFO

Published Date :

2024-05-10T14:49:31.019Z

Last Modified :

2024-08-02T02:27:53.559Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-32964 vulnerability.

Vendors Products
Lobehub
  • Lobe Chat
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-32964.

URL Resource
https://github.com/lobehub/lobe-chat/commit/465665a735556669ee30446c7ea9049a20cc7c37 cve-icon cve-icon cve-icon
https://github.com/lobehub/lobe-chat/security/advisories/GHSA-mxhq-xw3g-rphc cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact