Description
LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service (importFromUrl) and topic cover update (fetchImageFromUrl) endpoints, which use the global fetch without the project's ssrf-safe-fetch wrapper. Attackers can target internal addresses such as cloud instance metadata endpoints through these unprotected code paths to disclose internal service responses and cloud credentials.
Problem types
Server-Side Request Forgery (SSRF)
Product status
Any version before 2.2.10-canary.18
Credits
George Chen
References
github.com/lobehub/lobehub/issues/16536 (Researcher Disclosure)
github.com/lobehub/lobehub/pull/16601 (Fix PR)
www.vulncheck.com/...via-importfromurl-and-fetchimagefromurl