Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40lobehub/chat@0.122.4
Type npm
Namespace @lobehub
Name chat
Version 0.122.4
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.129.4
Latest_non_vulnerable_version 1.143.3
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-vrt2-ung9-vufw
vulnerability_id VCID-vrt2-ung9-vufw
summary
Improper Access Control
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4.
references
0
reference_url https://github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd
reference_id
reference_type
scores
url https://github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24566
reference_id CVE-2024-24566
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-24566
2
reference_url https://github.com/advisories/GHSA-pf55-fj96-xf37
reference_id GHSA-pf55-fj96-xf37
reference_type
scores
url https://github.com/advisories/GHSA-pf55-fj96-xf37
3
reference_url https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37
reference_id GHSA-pf55-fj96-xf37
reference_type
scores
url https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37
fixed_packages
0
url pkg:npm/%40lobehub/chat@0.122.4
purl pkg:npm/%40lobehub/chat@0.122.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540lobehub/chat@0.122.4
aliases CVE-2024-24566, GHSA-pf55-fj96-xf37
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vrt2-ung9-vufw
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540lobehub/chat@0.122.4