We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause Server-Side Request Forgery without logging in, attack intranet services, and leak sensitive information.
Reserved 2024-04-22 | Published 2024-05-10 | Updated 2024-08-02 | Assigner GitHub_MCWE-918: Server-Side Request Forgery (SSRF)
github.com/...e-chat/security/advisories/GHSA-mxhq-xw3g-rphc
github.com/...ommit/465665a735556669ee30446c7ea9049a20cc7c37
Support options