How severe is CVE-2024-32965?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-32965?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2024-32965 - HIGH Severity | CVSS 8.1

Vulnerability Description

Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The jwt token header X-Lobe-Chat-Auth strored proxy address and OpenAI API Key, can be modified to scan an internal network in the target lobe-web environment. This issue has been addressed in release version 1.19.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2017-16870

HIGH

CVSS:8.1(High)

The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that ...

CWE-9182017

CVE-2017-6201

HIGH

CVSS:8.1(High)

A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access contr...

CWE-9182017

CVE-2018-20436

HIGH

CVSS:8.1(High)

The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent...

CWE-9182018

CVE-2020-21649

HIGH

CVSS:8.1(High)

Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method.

CWE-9182020

CVE-2020-22983

HIGH

CVSS:8.1(High)

A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via ...

CWE-9182020

CVE-2020-8134

HIGH

CVSS:8.1(High)

Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems.

CWE-9182020