Количество 2
Количество 2
CVE-2024-37895
Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. This issue has been addressed in version 0.162.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
GHSA-p36r-qxgx-jq2v
Lobe Chat API Key Leak
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-37895 Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. This issue has been addressed in version 0.162.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS3: 5.7 | 1% Низкий | больше 1 года назад |
| GHSA-p36r-qxgx-jq2v Lobe Chat API Key Leak | CVSS3: 5.7 | 1% Низкий | больше 1 года назад |
Уязвимостей на страницу