High severity 7.4 · OSV Advisory · Published Jun 28, 2024 · Updated Jun 17, 2026
CVE-2024-38514
Description
NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS requests from the vulnerable instance (MKCOL, PUT and GET methods supported), or to target NextChat users and make them execute arbitrary JavaScript code in their browser. This vulnerability has been patched in version 2.12.4.
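A server-side check of the kind whose absence the description points to, written as an added example; it is not NextChat's code or its 2.12.4 patch. `ALLOWED_ORIGINS`, `validateWebDavTarget` and the `dav.example.com` host are assumptions made for illustration.

```javascript
// Added example: validate a user-supplied WebDAV endpoint before proxying.
// All names and hosts here are hypothetical, not taken from NextChat.
const ALLOWED_ORIGINS = new Set(["https://dav.example.com"]); // constructed value
const ALLOWED_METHODS = new Set(["GET", "PUT", "MKCOL"]); // methods named in the advisory

function validateWebDavTarget(method, endpointParam, path) {
  if (!ALLOWED_METHODS.has(String(method).toUpperCase())) {
    return { ok: false, reason: "method not allowed" };
  }
  let base;
  try {
    base = new URL(endpointParam); // must parse as an absolute URL
  } catch {
    return { ok: false, reason: "endpoint is not an absolute URL" };
  }
  if (base.protocol !== "https:") {
    return { ok: false, reason: "endpoint must use https" };
  }
  if (base.username || base.password) {
    return { ok: false, reason: "credentials in endpoint URL" };
  }
  // Compare the parsed origin. A string-prefix test would also accept
  // look-alike hosts that merely begin with an allowed name.
  if (!ALLOWED_ORIGINS.has(base.origin)) {
    return { ok: false, reason: "origin not in allow-list" };
  }
  // Resolve the object path under the endpoint and re-check the result, so
  // "../" segments or an absolute URL in `path` cannot leave the endpoint.
  const basePath = base.pathname.endsWith("/") ? base.pathname : base.pathname + "/";
  const target = new URL(String(path).replace(/^\/+/, ""), base.origin + basePath);
  if (target.origin !== base.origin || !target.pathname.startsWith(basePath)) {
    return { ok: false, reason: "path escapes the endpoint" };
  }
  return { ok: true, url: target.href };
}
```

The proxy would issue the upstream request only to the returned `url`, never to the raw parameter, and should not follow redirects to origins outside the allow-list.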
Affected products (1)
- Range: app-vundefined, v1.0, v1.1, …