Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause Server-Side Request Forgery without logging in, attack intranet services, and leak sensitive information.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Tue, 30 Sep 2025 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:lobehub:lobe_chat:*:*:*:*:*:*:*:* |

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-02T02:27:53.559Z
Reserved: 2024-04-22T15:14:59.164Z
Link: CVE-2024-32964

Updated: 2024-08-02T02:27:53.559Z

Status : Analyzed
Published: 2024-05-14T15:37:18.180
Modified: 2025-09-30T14:35:10.233
Link: CVE-2024-32964

No data.

Updated: 2025-07-12T22:31:32Z