CVE-2024-47066

CVSS 3.1 Score 9.0 of 10 (high)

Details

Published Sep 23, 2024
CWE ID 918

Summary

CVE-2024-47066 is a critical vulnerability affecting versions of Lobe Chat prior to 1.19.13, which is an open-source AI chat framework. The vulnerability allows for server-side request forgery (SSRF) due to improper handling of redirects, enabling attackers to exploit external malicious URLs to access internal resources, including private networks. Remediation involves updating the software to version 1.19.13 or later, which addresses this issue with improved protections. The vulnerability has a CVSS base score of 9.0, indicating high severity and potential for significant confidentiality loss and availability impact with low integrity impact and no required user interaction for exploitation. Affected products include various model identifiers such as y1Q_FI, y1Q_FH, and others listed under the Lobe Chat framework.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share