Lobe Chat is a multimodal chatbot framework that supports speech synthesis and an extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery (SSRF) vulnerability in the /api/proxy endpoint. Without logging in, an attacker can construct malicious requests that trigger SSRF, and use it to attack intranet services and leak sensitive information.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 30 Sep 2025 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:lobehub:lobe_chat:*:*:*:*:*:*:*:*

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-02T02:27:53.559Z

Reserved: 2024-04-22T15:14:59.164Z

Link: CVE-2024-32964

Vulnrichment

Updated: 2024-08-02T02:27:53.559Z

NVD

Status: Analyzed

Published: 2024-05-14T15:37:18.180

Modified: 2025-09-30T14:35:10.233

Link: CVE-2024-32964

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-12T22:31:32Z