9.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-49785

GHSA ID

GHSA-qf3q-9f3h-cjp9

EPSS Score

0.99792%

CWE

CWE-79

Published

8/5/2024

Updated

8/5/2024

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-49785

CVE-2023-49785: NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint

NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using HTTP POST, PUT, and other methods. Attackers can also use this vulnerability to mask their source IP by forwarding malicious traffic intended for other Internet targets through these open proxies. As of time of publication, no patch is available, but other mitigation strategies are available. Users may avoid exposing the application to the public internet or, if exposing the application to the internet, ensure it is an isolated network with no access to any other internal resources.

(GitHub Advisory)

9.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-49785

GHSA ID

GHSA-qf3q-9f3h-cjp9

EPSS Score

0.99792%

CWE

CWE-79

Published

8/5/2024

Updated

8/5/2024

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
nextchat	npm	<= 2.11.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability centers around the /api/cors endpoint implementation which: 1) Accepts arbitrary URLs via path parameters 2) Forwards requests without proper validation 3) Returns full response contents 4) Supports multiple HTTP methods 5) Allows data: protocol usage. While exact implementation details aren't shown in public sources, Next.js architecture patterns suggest this would be implemented as a server-side API route handler. The critical impact (SSRF/XSS) directly stems from this endpoint's functionality as described in advisories and technical analysis.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

N*xt***t, *lso known *s ***t*PT-N*xt-W**, is * *ross-pl*t*orm ***t us*r int*r**** *or us* wit* ***t*PT. V*rsions *.**.* *n* prior *r* vuln*r**l* to s*rv*r-si** r*qu*st *or**ry *n* *ross-sit* s*riptin*. T*is vuln*r**ility *n**l*s r*** ****ss to int*rn

Reasoning

T** vuln*r**ility **nt*rs *roun* t** /*pi/*ors *n*point impl*m*nt*tion w*i**: *) ****pts *r*itr*ry URLs vi* p*t* p*r*m*t*rs *) *orw*r*s r*qu*sts wit*out prop*r v*li**tion *) R*turns *ull r*spons* *ont*nts *) Supports multipl* *TTP m*t*o*s *) *llows *

9.1

Basic Information

Concerned about an active attack path?

CVE-2023-49785: NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint

9.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI