Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause Server-Side Request Forgery without logging in, attack intranet services, and leak sensitive information.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-05-10T14:49:31.019Z

Updated: 2024-08-02T02:27:53.559Z

Reserved: 2024-04-22T15:14:59.164Z

Link: CVE-2024-32964

cve-icon Vulnrichment

Updated: 2024-08-02T02:27:53.559Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-14T15:37:18.180

Modified: 2024-05-14T16:12:23.490

Link: CVE-2024-32964

cve-icon Redhat

No data.