cve/CVE-2024-47066.md at main

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1.2 KiB

Raw Permalink Blame History

CVE-2024-47066

Description

Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in src/app/api/proxy/route.ts does not consider redirect and could be bypassed when attacker provides an external malicious URL which redirects to internal resources like a private network or loopback address. Version 1.19.13 contains an improved fix for the issue.

POC

Reference

https://github.com/lobehub/lobe-chat/security/advisories/GHSA-3fc8-2r3f-8wrg
https://github.com/lobehub/lobe-chat/security/advisories/GHSA-mxhq-xw3g-rphc

Github

https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/l8BL/CVE-2024-47066
https://github.com/nomi-sec/PoC-in-GitHub

1.2 KiB Raw Permalink Blame History

CVE-2024-47066

Description

POC

Reference

Github

1.2 KiB

Raw Permalink Blame History