


Perceptive Security
SOC/SIEM Consultancy

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the compone…
Published:
26 April 2026 at 22:00:00
Alert date:
27 April 2026 at 23:01:40
Source:
nvd.nist.gov
Web Technologies
A server-side request forgery (SSRF) vulnerability has been identified in ChatGPTNextWeb NextChat up to version 2.16.1. The vulnerability affects the storeUrl function in the file app/api/artifacts/route.ts, part of the Artifacts Endpoint component. It can be exploited remotely by manipulating the ID argument. A public exploit is available, which increases the risk of active exploitation. The project maintainers were notified through an issue report but have not yet responded to the disclosure.
Affected products:
ChatGPTNextWeb NextChat
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-7178
https://gist.github.com/YLChen-007/43252d45d75e8bdd2d45136fd6ffe8a5
https://github.com/ChatGPTNextWeb/NextChat/
https://github.com/ChatGPTNextWeb/NextChat/issues/6741
https://vuldb.com/submit/797646
https://vuldb.com/vuln/359780
https://vuldb.com/vuln/359780/cti
This article was created with the assistance of AI technology by Perceptive.
