Security Advisory

CVE-2024-32964

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-05-10 14:49:31

Last updated 2024-08-02 02:27:53

Assigner GitHub_M

State PUBLISHED

Description

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause Server-Side Request Forgery without logging in, attack intranet services, and leak sensitive information.

← Browse all CVEs View on cve.org ↗