CVE-2024-24566
- Reference to the description:
- Description:
- Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4.
- Last updated date:
- 02/09/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 02/09/2024
- Reference url to background
https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37