CVE-2024-32965 – Lobe Chat versions before 1.19.13 have an unaut... (How to Fix)

Q: What is the severity of CVE-2024-32965?

CVE-2024-32965 has a CVSS score of 8.1 (HIGH). Lobe Chat versions before 1.19.13 have an unauthenticated SSRF vulnerability that allows attackers to send malicious requests to internal network services. This can lead to scanning of internal networks and potential leakage of sensitive information. All users running vulnerable versions are affected.

📋 TL;DR

Lobe Chat versions before 1.19.13 have an unauthenticated SSRF vulnerability that allows attackers to send malicious requests to internal network services. This can lead to scanning of internal networks and potential leakage of sensitive information. All users running vulnerable versions are affected.

💻 Affected Systems

Products:

Lobe Chat

Versions: All versions prior to 1.19.13

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments with default configurations are vulnerable. The vulnerability requires network access to the Lobe Chat instance.

📦 What is this software?

Lobe Chat by Lobehub

View all CVEs affecting Lobe Chat →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of internal network services, data exfiltration, and lateral movement within the target environment

🟠

Likely Case

Internal network scanning, service enumeration, and potential credential/sensitive information leakage

🟢

If Mitigated

Limited to external network scanning only if proper network segmentation and egress filtering are in place

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires modifying JWT token headers to inject malicious proxy addresses and API keys for SSRF attacks

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.19.13

Vendor Advisory: https://github.com/lobehub/lobe-chat/security/advisories/GHSA-2xcc-vm3f-m8rw

Restart Required: Yes

Instructions:

1. Stop the Lobe Chat service. 2. Update to version 1.19.13 or later using your package manager or by downloading from GitHub. 3. Restart the Lobe Chat service. 4. Verify the update was successful.

🧯 If You Can't Patch

Implement strict network segmentation to isolate Lobe Chat from internal services
Deploy web application firewall (WAF) rules to block SSRF patterns and JWT header manipulation

🔍 How to Verify

Check if Vulnerable:

Check if running Lobe Chat version earlier than 1.19.13. Review application logs for unusual proxy requests or internal network scanning attempts.

Check Version:

Check package.json or application configuration for version number, or run: npm list lobe-chat (if installed via npm)

Verify Fix Applied:

Confirm version is 1.19.13 or later. Test that modifying X-Lobe-Chat-Auth header no longer allows SSRF requests to internal addresses.

📡 Detection & Monitoring

Log Indicators:

Unusual proxy requests to internal IP addresses
Failed authentication attempts with modified JWT headers
Requests to non-standard ports or internal services

Network Indicators:

Outbound connections from Lobe Chat to internal network segments
Unusual traffic patterns to internal services

SIEM Query:

source="lobe-chat" AND (url="*://10.*" OR url="*://192.168.*" OR url="*://172.16.*" OR url="*://127.*" OR url="*://localhost*")

📊 Metadata

CVE ID: CVE-2024-32965

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L

CWE: CWE-918

Published: November 26, 2024

Last Updated: September 23, 2025

🔗 References

https://github.com/lobehub/lobe-chat/commit/e960a23b0c69a5762eb27d776d33dac443058faf Patch
https://github.com/lobehub/lobe-chat/security/advisories/GHSA-2xcc-vm3f-m8rw Exploit,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-32965, you might also want to check these: