@lobehub/chat@0.83.4 vulnerabilities
Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.
-
latest version
1.31.10
-
latest non vulnerable version
-
first published
a year ago
-
latest version published
an hour ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the @lobehub/chat package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
@lobehub/chat is a Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the How to fix Server-side Request Forgery (SSRF)? Upgrade |
<0.150.6
|
@lobehub/chat is a Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the base URL configuration, which can expose the backend API key to an attacker-controlled domain as outbound traffic is not filtered on URL. The API key can subsequently be used for unauthorized access to the vulnerable server. How to fix Server-side Request Forgery (SSRF)? Upgrade |
<0.162.25
|
@lobehub/chat is a Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are vulnerable to Improper Access Control via the Note: This is only exploitable if the application is deployed with the How to fix Improper Access Control? Upgrade |
<0.122.4
|