Yyzsec

**Name of the Vulnerable Software and Affected Versions** lobe-chat versions prior to 1.19.13 **Description** Lobe Chat is an open-source, AI chat framework. The issue allows an attacker to construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The jwt token header X-Lobe-Chat-Auth stored proxy address and OpenAI API Key can be modified to scan an internal network in the target lobe-web environment. **Recommendations** For versions prior to 1.19.13, upgrade to version 1.19.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the `X-Lobe-Chat-Auth` header and the OpenAI API Key to minimize the risk of exploitation. Avoid using the `X-Lobe-Chat-Auth` header and the OpenAI API Key in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Lobe Chat versions prior to 0.150.6 **Description** The issue is related to an unauthorized Server-Side Request Forgery (SSRF) vulnerability in the `/api/proxy` endpoint. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The vulnerability can be exploited by providing external malicious URLs that redirect to internal resources. All users will be impacted. **Recommendations** For versions prior to 0.150.6, consider the following: 1. Disable redirects in the `/api/proxy` endpoint to prevent SSRF attacks. 2. If redirects support is required, perform a check before each HTTP request to ensure the request is not being redirected to an internal resource. As a temporary workaround, consider restricting access to the `/api/proxy` endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Lobe Chat versions prior to 1.19.13 **Description** The issue concerns a server-side request forgery protection bypass in Lobe Chat, an open-source artificial intelligence chat framework. This protection, implemented in `src/app/api/proxy/route.ts`, does not consider redirects and can be bypassed when an attacker provides an external malicious URL that redirects to internal resources like a private network or loopback address. This allows attackers to access internal services. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. Technical details about exploitation include: - **API Endpoints:** `/api/proxy` - **Vulnerable Parameters or Variables:** `url` parameter in the `/api/proxy` endpoint - **Function Names:** No specific function names are mentioned as vulnerable, but the issue is related to the server-side request forgery protection in `src/app/api/proxy/route.ts` **Recommendations** For versions prior to 1.19.13, update to version 1.19.13 or later, which contains an improved fix for the issue. As a temporary workaround, consider disabling redirects in the `/api/proxy` endpoint to minimize the risk of exploitation. Restrict access to the `/api/proxy` endpoint to prevent attackers from performing SSRF attacks against internal services. Avoid using the `url` parameter in the `/api/proxy` endpoint until the issue is resolved.