Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] code bypass vulnerability #4499

Closed
3 tasks done
secf0ra11 opened this issue Apr 11, 2024 · 2 comments
Closed
3 tasks done

[Bug] code bypass vulnerability #4499

secf0ra11 opened this issue Apr 11, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@secf0ra11
Copy link

Bug Description

chat-next-web 可以通过设置http header 绕过登录code,在2.9.x版本

Steps to Reproduce

1.随意输入登录密码
2.设置http header,Authorization: Bearer ak-*****,***为任意值
3.获取chatgpt

poc.mp4

Expected Behavior

绕过登录

Screenshots

No response

Deployment Method

  • Docker
  • Vercel
  • Server

Desktop OS

windows 10

Desktop Browser

firefox

Desktop Browser Version

89

Smartphone Device

No response

Smartphone OS

No response

Smartphone Browser

No response

Smartphone Browser Version

No response

Additional Logs

No response
@secf0ra11 secf0ra11 added the bug Something isn't working label Apr 11, 2024
@Dean-YZG
Copy link
Contributor

是私有化部署么?最新版本已经解决了这个问题,可以升级到最新版本

@Issues-translate-bot
Copy link

Bot detected the issue body's language is not English, translate it automatically.

Is it a private deployment? The latest version has solved this problem and you can upgrade to the latest version

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Issues-translate-bot @secf0ra11 @Dean-YZG