Lobehub · Lobehub · CVE-2026-23835
**Name of the Vulnerable Software and Affected Versions**
LobeHub versions prior to 1.143.3
**Description**
LobeHub is an open source human-and-AI-agent network. The file upload feature in `Knowledge Base > File Upload` does not validate the integrity of the upload request, allowing users to intercept and modify request parameters. This can lead to the creation of arbitrary files in unintended paths. An attacker can manipulate the `size` parameter in the client upload request to misrepresent the actual file size, bypassing the monthly upload quota and potentially causing financial impact to the service operator. This manipulation can also lead to degraded service availability, affecting legitimate users and overloading downstream systems. A single malicious user can cause an indirect denial of service (DoS) to other users.
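The following added example (not LobeHub's code, and not a description of the actual fix in 1.143.3) contrasts quota accounting that trusts the client-declared `size` with a server-side check that charges the measured object size and confines the storage key. All function names, the `files/<userId>/` key layout and the `storedBytes` input are assumptions made for illustration.

```typescript
// Added example. All names and the files/<userId>/ key layout are hypothetical.
interface UploadClaim { key: string; size: number } // sent by the client: untrusted
interface Usage { usedBytes: number; quotaBytes: number }
interface Result { ok: boolean; reason: string; charged: number }

// Pattern the advisory describes: quota is charged from the declared size
// and the key is accepted as sent.
function finalizeUploadNaive(claim: UploadClaim, usage: Usage): Result {
  if (usage.usedBytes + claim.size > usage.quotaBytes) {
    return { ok: false, reason: "quota", charged: 0 };
  }
  usage.usedBytes += claim.size;
  return { ok: true, reason: "", charged: claim.size };
}

// The key must stay under the session user's prefix, with no "." or ".." segments.
function isConfinedKey(sessionUserId: string, key: string): boolean {
  const prefix = `files/${sessionUserId}/`;
  if (!key.startsWith(prefix)) return false;
  const rest = key.slice(prefix.length);
  if (!/^[A-Za-z0-9._-]+(\/[A-Za-z0-9._-]+)*$/.test(rest)) return false;
  return !rest.split("/").some((seg) => seg === "." || seg === "..");
}

// Hardened: storedBytes is what the server measured on the stored object
// (for example from object-store metadata), never the client's number.
function finalizeUpload(sessionUserId: string, claim: UploadClaim,
                        storedBytes: number, usage: Usage): Result {
  if (!isConfinedKey(sessionUserId, claim.key)) {
    return { ok: false, reason: "path", charged: 0 };
  }
  if (!Number.isSafeInteger(storedBytes) || storedBytes < 0) {
    return { ok: false, reason: "size-unknown", charged: 0 };
  }
  if (claim.size !== storedBytes) {
    // Caller should delete the object and log the mismatch.
    return { ok: false, reason: "size-mismatch", charged: 0 };
  }
  if (usage.usedBytes + storedBytes > usage.quotaBytes) {
    return { ok: false, reason: "quota", charged: 0 };
  }
  usage.usedBytes += storedBytes;
  return { ok: true, reason: "", charged: storedBytes };
}
```

A `size-mismatch` result is also a useful detection signal: a legitimate client has no reason to declare a size that differs from the bytes it uploaded.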
**Recommendations**
Update to version 1.143.3 or later.