CVE-2024-47066 — AI Deep Analysis Summary

🚨 **Essence**: Lobe Chat suffers from an **SSRF (Server-Side Request Forgery)** bypass. The proxy protection ignores HTTP redirects.…

🛡️ **Root Cause**: **CWE-918**. The code in `src/app/api/proxy/route.ts` validates the initial URL but fails to check URLs after **redirects**. 🐛 **Flaw**: Logic gap in handling 3xx responses.

👥 **Affected**: **Lobe Chat** by **lobehub**. Specifically versions **prior to 1.19.13**. 📦 **Component**: The API proxy route handling external requests.

🕵️ **Hackers Can**: Bypass security filters to access **internal resources** (private networks, loopback addresses). 📊 **Impact**: High Confidentiality & Availability impact. Can read internal server data.

🔒 **Threshold**: **Medium**. Requires **PR:H** (High Privileges) according to CVSS. ⚙️ **Config**: User likely needs authenticated access to trigger the proxy endpoint.

💣 **Public Exp?**: **Yes**. A PoC is available on GitHub (`l8BL/CVE-2024-47066`). 🌐 **Status**: Proof-of-concept exists, demonstrating the redirect bypass technique.

🔍 **Self-Check**: Scan for Lobe Chat instances. Check version number. 🧪 **Test**: If you have access, try sending a malicious URL that redirects to `127.0.0.1` or internal IPs via the proxy API.

✅ **Fixed?**: **Yes**. Version **1.19.13** contains the improved fix. 📝 **Patch**: Update Lobe Chat to v1.19.13 or later immediately.

🚧 **No Patch?**: Implement a **WAF rule** to block redirects to private IP ranges. 🛑 **Mitigation**: Restrict proxy access to trusted users only. Disable external proxying if not needed.

🔥 **Urgency**: **High**. CVSS includes **S:C** (Changed Scope) and **C:H** (High Confidentiality). 🚀 **Action**: Patch immediately if running <1.19.13. Do not ignore SSRF risks.