Description

Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in `src/app/api/proxy/route.ts` does not consider redirect and could be bypassed when attacker provides an external malicious URL which redirects to internal resources like a private network or loopback address. Version 1.19.13 contains an improved fix for the issue.

INFO

Published Date :

2024-09-23T15:17:43.364Z

Last Modified :

2024-09-23T15:41:22.252Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-47066 vulnerability.

Vendors Products
Lobehub
  • Lobe Chat
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47066.

URL Resource
https://github.com/lobehub/lobe-chat/blob/main/src/app/api/proxy/route.ts cve-icon cve-icon
https://github.com/lobehub/lobe-chat/commit/e960a23b0c69a5762eb27d776d33dac443058faf cve-icon cve-icon
https://github.com/lobehub/lobe-chat/security/advisories/GHSA-3fc8-2r3f-8wrg cve-icon cve-icon
https://github.com/lobehub/lobe-chat/security/advisories/GHSA-mxhq-xw3g-rphc cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact