High severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025
Denial of Service (DoS) in open-webui/open-webui
CVE-2024-12534
Description
In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password fields during the sign-in process due to the lack of character length validation on these inputs. This vulnerability can lead to a Denial of Service (DoS) condition when a user submits excessively large strings, exhausting server resources such as CPU, memory, and disk space, and rendering the service unavailable for legitimate users. This makes the server susceptible to resource exhaustion attacks without requiring authentication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
open-webuiPyPI | <= 0.3.32 | — |
open-webuinpm | <= 0.3.32 | — |
Affected products
3- ghsa-coords2 versions
<= 0.3.32+ 1 more
- (no CPE)range: <= 0.3.32
- (no CPE)range: <= 0.3.32
- Range: unspecified
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.