VYPR
Critical severity · NVD Advisory · Published May 10, 2024 · Updated Aug 2, 2024

lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability

CVE-2024-32964

Description

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal input, and an extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthenticated Server-Side Request Forgery vulnerability in the /api/proxy endpoint: an attacker could submit crafted requests without logging in and cause the server to issue requests on their behalf, reaching intranet services and leaking sensitive information.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package              Affected versions   Patched versions
@lobehub/chat (npm)  < 0.150.6           0.150.6

Affected products: 1

Patches: 1

Commit 465665a73555

🐛 fix: fix `/api/proxy` internal proxy attack (#2255)

https://github.com/lobehub/lobe-chat · Arvin Xu · Apr 28, 2024 · via ghsa
2 files changed · +27 −3
  • package.json (+2 −0, modified)
    @@ -118,6 +118,7 @@
         "i18next-resources-to-backend": "^1.2.1",
         "idb-keyval": "^6.2.1",
         "immer": "^10.0.4",
    +    "ip": "^2.0.1",
         "jose": "^5.2.4",
         "langfuse": "^3.7.0",
         "langfuse-core": "^3.7.0",
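Review bot: the new runtime dependency `ip` is added here, but the change touches only package.json and route.ts, so no lockfile update accompanies it; install it and commit the lockfile in the same change so CI and deployments resolve the same version. Since this library's `isPrivate` is now the only thing standing between the proxy and internal hosts, consider pinning it rather than leaving `^2.0.1` floating, and track its own advisories.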
    @@ -183,6 +184,7 @@
         "@types/chroma-js": "^2.4.4",
         "@types/debug": "^4.1.12",
         "@types/diff": "^5.2.0",
    +    "@types/ip": "^1.1.3",
         "@types/json-schema": "^7.0.15",
         "@types/lodash": "^4.17.0",
         "@types/lodash-es": "^4.17.12",
    
  • src/app/api/proxy/route.ts (+25 −3, modified)
    @@ -1,12 +1,34 @@
    -export const runtime = 'edge';
    +import { isPrivate } from 'ip';
    +import { NextResponse } from 'next/server';
    +import dns from 'node:dns';
    +import { promisify } from 'node:util';
    +
    +const lookupAsync = promisify(dns.lookup);
    +
    +export const runtime = 'nodejs';
     
     /**
      * just for a proxy
      */
     export const POST = async (req: Request) => {
    -  const url = await req.text();
    +  const url = new URL(await req.text());
    +  let address;
    +
    +  try {
    +    const lookupResult = await lookupAsync(url.hostname);
    +    address = lookupResult.address;
    +  } catch (err) {
    +    console.error(`${url.hostname} DNS parser error:`, err);
    +
    +    return NextResponse.json({ error: 'DNS parser error' }, { status: 504 });
    +  }
    +
    +  const isInternalHost = isPrivate(address);
    +
    +  if (isInternalHost)
    +    return NextResponse.json({ error: 'Not support internal host proxy' }, { status: 400 });
     
    -  const res = await fetch(url);
    +  const res = await fetch(url.toString());
     
       return new Response(res.body, { headers: res.headers });
     };
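Review bot: the check in `POST` resolves the hostname once with `lookupAsync` and then calls `fetch(url.toString())`, which resolves the name a second time, so the address that was checked is not necessarily the one connected to (a DNS time-of-check/time-of-use gap); connect to the vetted address, or validate at connection time. Further gaps visible in this hunk: `new URL(await req.text())` sits outside the `try`, so a malformed body throws an unhandled exception instead of returning a 4xx; `dns.lookup` without `{ all: true }` returns a single address, so a name with both public and private records can pass on the record that happens to come first; `fetch` follows redirects by default, so a public host that redirects to an internal address bypasses the check (use `redirect: 'manual'` and re-check each `Location`); the scheme is never restricted to http/https; and the endpoint remains unauthenticated, which the advisory text names as part of the problem. Minor: 'Not support internal host proxy' reads better as 'Internal host proxy not supported', and a DNS failure is a client or upstream error (400/502) rather than a gateway timeout (504).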
    
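As an added example, not code from the lobe-chat project or from this commit, here is a stricter form of the host check the patch introduces: it parses the target URL, restricts the scheme to http/https, resolves every A/AAAA record instead of the first, rejects IPv6 loopback, unique-local, link-local and IPv4-mapped internal addresses alongside the IPv4 private ranges, and takes an injectable resolver so it can be exercised offline. The inline range table replaces the `ip` package, and the `example.test` names and TEST-NET addresses in the test are constructed.

```typescript
import { lookup } from 'node:dns/promises';
import { isIP } from 'node:net';

type Resolver = (host: string) => Promise<string[]>;
type Verdict = { ok: true; url: URL; addresses: string[] } | { ok: false; reason: string };

// Refuse loopback, unspecified, RFC 1918, CGNAT (100.64/10) and link-local (which
// holds the 169.254.169.254 cloud metadata endpoint). For IPv6 also refuse unique-local,
// link-local and dotted IPv4-mapped (::ffff:a.b.c.d) addresses by re-checking the inner IPv4.
export function isDisallowedAddress(addr: string): boolean {
  const family = isIP(addr);
  if (family === 4) {
    const parts = addr.split('.').map(Number);
    const a = parts[0] ?? -1, b = parts[1] ?? -1;
    return a === 0 || a === 10 || a === 127 ||
      (a === 100 && b >= 64 && b <= 127) || (a === 169 && b === 254) ||
      (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
  }
  if (family === 6) {
    const low = addr.toLowerCase();
    const mapped4 = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(low)?.[1];
    if (mapped4) return isDisallowedAddress(mapped4);
    return low === '::' || low === '::1' || /^f[cd]/.test(low) || /^fe[89ab]/.test(low);
  }
  return true; // not an IP literal: refuse rather than guess
}

// Default resolver: every A/AAAA record, not just the first one dns.lookup returns.
const resolveAll: Resolver = async (host) =>
  (await lookup(host, { all: true })).map((r) => r.address);

// Validate a proxy target before fetching it. The resolver is injectable so the check runs
// offline. The remaining race is that fetch() resolves the name again: pin the connection
// to a vetted address (custom agent) and follow redirects manually, re-checking each Location.
export async function checkProxyTarget(rawUrl: string, resolve: Resolver = resolveAll): Promise<Verdict> {
  let url: URL;
  try { url = new URL(rawUrl); } catch { return { ok: false, reason: 'invalid URL' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:')
    return { ok: false, reason: `unsupported scheme ${url.protocol}` };
  // WHATWG URL keeps the brackets on IPv6 literals; strip them for isIP().
  const literal = url.hostname.replace(/^\[|\]$/g, '');
  const addresses = isIP(literal) ? [literal] : await resolve(url.hostname).catch(() => [] as string[]);
  if (addresses.length === 0) return { ok: false, reason: 'DNS lookup failed' };
  // A name under attacker control may return a mix of public and internal records;
  // reject if any one of them is internal.
  const internal = addresses.find(isDisallowedAddress);
  if (internal) return { ok: false, reason: `resolves to internal address ${internal}` };
  return { ok: true, url, addresses };
}
```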


References: 4
