CVE-2024-47066
Published: 2024-09-23
CVSS 3.1: 8.8 (High), vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 11.00% (95.3th percentile)
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in `src/app/api/proxy/route.ts` does not consider redirect and could be bypassed when attacker provides an external malicious URL which redirects to internal resources like a private network or loopback address. Version 1.19.13 contains an improved fix for the issue.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lobehub | chat | >= 0 < 1.19.13 | 1.19.13 |
| lobehub | lobe_chat | < 1.19.3 | 1.19.3 |
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| ghsa | 9.0 | CRITICAL | |
| osv | 9.0 | CRITICAL | |
GHSA
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
ghsa · 2024-09-23 · CVSS 9.0 · CRITICAL · CWE-918
### Summary
SSRF protection implemented in https://github.com/lobehub/lobe-chat/blob/main/src/app/api/proxy/route.ts does not consider redirects and could be bypassed when an attacker provides an external malicious URL which redirects to internal resources like a private network or loopback address.
### PoC
1. Run lobe-chat in a Docker container. In my setup lobe-chat runs on 0.0.0.0:3210;
2. Create a file `dummy-server.js` with the following content:
```javascript
const http = require('http');

console.log('running server');

// Minimal HTTP server on the loopback interface: logs every request path it
// receives and answers with an empty 200 response.
http.createServer(function (req, res) {
  console.log(req.url);
  res.writeHead(200, { 'Content-Type': 'text/html' });
  res.end();
}).listen(3001, 'localhost');
```
And run
```
node dummy-server.js
```
as an example
OSV
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
osv · 2024-09-23 · CVSS 9.0 · CRITICAL (advisory text identical to the GHSA entry above)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References

- https://github.com/lobehub/lobe-chat/blob/main/src/app/api/proxy/route.ts
- https://github.com/lobehub/lobe-chat/commit/e960a23b0c69a5762eb27d776d33dac443058faf
- https://github.com/lobehub/lobe-chat/security/advisories/GHSA-3fc8-2r3f-8wrg
- https://github.com/lobehub/lobe-chat/security/advisories/GHSA-mxhq-xw3g-rphc
Published: 2024-09-23