@lobehub/chat@0.103.1 vulnerabilities

Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.

latest version

0.161.8
latest non vulnerable version

1.3.0
first published

10 months ago
latest version published

17 hours ago
licenses detected
- MIT
  >=0
View @lobehub/chat package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @lobehub/chat package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Improper Access Control @lobehub/chat is a Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are vulnerable to Improper Access Control via the `ACCESS_CODE` option. An attacker can access plugins without proper authorization by bypassing the password protection mechanism. Note: This is only exploitable if the application is deployed with the `ACCESS_CODE` option. How to fix Improper Access Control? Upgrade `@lobehub/chat` to version 0.122.4 or higher.	<0.122.4

Improper Access Control

@lobehub/chat is a Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.

Affected versions of this package are vulnerable to Improper Access Control via the ACCESS_CODE option. An attacker can access plugins without proper authorization by bypassing the password protection mechanism.

Note:

This is only exploitable if the application is deployed with the ACCESS_CODE option.

How to fix Improper Access Control?

Upgrade @lobehub/chat to version 0.122.4 or higher.

<0.122.4

Go back to all versions of this package

@lobehub/chat@0.103.1 vulnerabilities

Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities