📦 Lobe Chat
by Lobehub
🛡️ Security Overview
⚠️ Known Vulnerabilities
CVE-2024-32964 is an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in Lobe Chat's /api/proxy endpoint. Attackers can exploit this to make the server send requests to internal networ...
Lobe Chat versions before 1.19.13 have an unauthenticated SSRF vulnerability that allows attackers to send malicious requests to internal network services. This can lead to scanning of internal networ...
This CVE describes an open redirect vulnerability in Lobe Chat's OIDC implementation. Attackers can manipulate X-Forwarded-* headers to redirect users to malicious domains during authentication flows....
Lobe Chat versions before 1.129.4 contain a cross-site scripting (XSS) vulnerability in the SVG rendering component that can be escalated to remote code execution on user machines. Attackers who can i...
This vulnerability in Lobe Chat allows authenticated attackers to steal backend API keys by manipulating frontend base URLs to redirect requests to attacker-controlled servers. It affects all Lobe Cha...