{"data":{"id":"7f2e1be1-ee9b-4544-8d8f-f940e5876967","title":"CVE-2024-32965: Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized SSRF vulnerability","summary":"Lobe Chat, an open-source AI chat framework, has a vulnerability (CWE-918) in versions before 1.19.13 that allows an unauthenticated attacker to perform SSRF (server-side request forgery, where an attacker tricks the server into making requests to other systems on its behalf). Because no login is required, any client that can reach the Lobe Chat instance can trigger it. Attackers can exploit this to reach and scan services on the server's internal network and to leak sensitive information, such as API keys carried in authentication headers.","solution":"Upgrade to lobe-chat version 1.19.13 or later and confirm the deployed instance is actually running the patched version. According to the source, 'This issue has been addressed in release version 1.19.13 and all users are advised to upgrade.' There are no known workarounds for this vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-32965","publishedAt":"2024-11-27T00:15:23.343Z","cveId":"CVE-2024-32965","cweIds":["CWE-918"],"cvssScore":"8.1","cvssSeverity":"high","severity":"high","attackType":["rag_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Lobe Chat","OpenAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00156,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}