CVE-2024-24566

Опубликовано: 31 янв. 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the ACCESS_CODE option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4.

Ссылки

https://github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd
Patch
https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37
Exploit
Third Party Advisory
https://github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd
Patch
https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lobehub:lobe_chat:*:*:*:*:*:*:*:*

Версия до 0.122.4 (исключая)

EPSS

Процентиль: 34%

0.00139

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-284

NVD-CWE-Other

Связанные уязвимости

GHSA-pf55-fj96-xf37