Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Lobe Chat has insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
Vulnerability Description
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in `src/app/api/proxy/route.ts` does not consider redirect and could be bypassed when attacker provides an external malicious URL which redirects to internal resources like a private network or loopback address. Version 1.19.13 contains an improved fix for the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Lobe Chat 代码问题漏洞
Vulnerability Description
Lobe Chat是LobeHub开源的一个开源、高性能的聊天机器人框架。 Lobe Chat 1.19.13版本之前存在代码问题漏洞,该漏洞源于src/app/api/proxy/route.ts中实现的服务器端请求伪造保护不考虑重定向,当攻击者提供重定向到内部资源(如私有网络或环回地址)的外部恶意 URL 时,可能会被绕过。
CVSS Information
N/A
Vulnerability Type
N/A