💻 Operating System
Windows
🌐 Browser
Chrome
🐛 Bug Description
The postMessage event handler in the LobeChat Plugin SDK (src/client/lobeChat.ts) lacks origin validation logic.
This vulnerability allows an attacker to inject arbitrary settings or state values into a plugin instance via a malicious webpage. By exploiting this, an attacker can manipulate the plugin's behavior, potentially redirecting sensitive data to an attacker-controlled server (e.g., by modifying API endpoints). Furthermore, if the plugin UI renders the injected settings without proper sanitization, this could lead to Cross-Site Scripting (XSS).
The affected component is primarily the receiverData function within the getPluginSettings method. Static analysis of the production build file (59211.e18a7af7ad0fb5b8.js, Module 843463) confirms that this vulnerable logic is present in the deployed version.
🚦 Expected Behavior
The message event listener must verify the event.origin property to ensure that the message originates from a trusted domain (e.g., the LobeChat main application).
If the origin does not match the allowlist, the message should be ignored or rejected immediately. This prevents external/untrusted sites from interfering with the plugin's internal logic.
📷 Reproduction Steps
This issue is a design flaw that can be identified via static code analysis:
1. Navigate to src/client/lobeChat.ts in the lobe-chat project.
2. Inspect the getPluginSettings method and the receiverData function.
3. Observe that the code checks e.data.type but fails to validate e.origin before resolving the promise with the payload.

```ts
// Vulnerable Code Pattern
const receiverData = (e: MessageEvent) => {
  // Missing check for e.origin: any window holding a reference to this one can deliver this message
  if (e.data.type === PluginChannel.renderPluginSettings) {
    resolve(e.data.value); // Resolves untrusted data directly
    window.removeEventListener('message', receiverData);
  }
};
```

4. An attacker hosts a malicious page that opens the target plugin page in a new tab using window.open().
5. The attacker's page executes targetWindow.postMessage({ type: 'lobe-chat:render-plugin-settings', value: { ...malicious_payload } }, '*').
6. Since the plugin does not check the origin, it accepts the malicious payload as valid settings.
📝 Additional Information
Vulnerability Type: CWE-346: Origin Validation Error
Affected Files: src/client/lobeChat.ts (and its compiled JavaScript bundles).
Suggested Remediation: Implement strict origin validation within the event listener.
```ts
// Recommended Fix
const ALLOWED_ORIGIN = "https://your-service-domain.com"; // Define trusted origin (scheme + host + port)
const receiverData = (e: MessageEvent) => {
  // Add Origin Check: exact match against the trusted origin; ignore everything else
  if (e.origin !== ALLOWED_ORIGIN) return;
  if (e.data.type === PluginChannel.renderPluginSettings) {
    resolve(e.data.value);
    // ...
  }
};
```
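As an added illustration of the remediation above (example code written for this report, not the LobeChat SDK's own implementation), the following hardened receiver resolves settings only for an exact-match origin allowlist and also rejects malformed payloads; it is driven with constructed MessageEvent-like objects so it can run outside a browser. The allowlist origin, the `removeListener` parameter and the sample events are assumptions for the demo.

```javascript
// Added example (not the LobeChat SDK's own code): an origin-checked, one-shot
// settings receiver. PLUGIN_SETTINGS_TYPE mirrors the channel name quoted in
// the report; all other names and the sample events below are constructed.
const PLUGIN_SETTINGS_TYPE = 'lobe-chat:render-plugin-settings';

// Exact-match allowlist of origins (scheme + host + port). No prefix or
// substring matching: "https://chat.example.com.attacker.example" must not pass.
function isAllowedOrigin(origin, allowedOrigins) {
  return allowedOrigins.includes(origin);
}

// Build the 'message' handler. `resolve` receives the settings value;
// `removeListener` is injected so the handler can be exercised without a DOM
// (in a browser: (h) => window.removeEventListener('message', h)).
function createSettingsReceiver(allowedOrigins, resolve, removeListener) {
  const receiverData = (e) => {
    if (!isAllowedOrigin(e.origin, allowedOrigins)) return; // drop untrusted senders
    const data = e.data;
    if (!data || typeof data !== 'object' || data.type !== PLUGIN_SETTINGS_TYPE) return;
    if (data.value === null || typeof data.value !== 'object') return; // shape check
    removeListener(receiverData); // one-shot: stop listening once settings arrive
    resolve(data.value);
  };
  return receiverData;
}

// Feed constructed events to the handler and report what it resolved.
function simulate(allowedOrigins, events) {
  const resolved = [];
  let removed = 0;
  const handler = createSettingsReceiver(allowedOrigins, (v) => resolved.push(v), () => { removed += 1; });
  for (const ev of events) handler(ev);
  return { resolved, removed };
}

// Constructed sample events: an untrusted page, a lookalike origin, a trusted
// origin with an unrelated message type, and a genuine settings message.
const ALLOWED = ['https://chat.example.com'];
const SAMPLE_EVENTS = [
  { origin: 'https://untrusted.example', data: { type: PLUGIN_SETTINGS_TYPE, value: { apiEndpoint: 'https://untrusted.example/api' } } },
  { origin: 'https://chat.example.com.attacker.example', data: { type: PLUGIN_SETTINGS_TYPE, value: { apiEndpoint: 'x' } } },
  { origin: 'https://chat.example.com', data: { type: 'unrelated', value: {} } },
  { origin: 'https://chat.example.com', data: { type: PLUGIN_SETTINGS_TYPE, value: { apiEndpoint: 'https://chat.example.com/api' } } },
];

function demo() { return simulate(ALLOWED, SAMPLE_EVENTS); }
// demo() => { resolved: [{ apiEndpoint: 'https://chat.example.com/api' }], removed: 1 }
```

Only the fourth event is accepted; the first three are discarded before `resolve` is ever called, which is the behaviour the Expected Behavior section asks for.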