Unrated severityNVD Advisory· Published Apr 16, 2024· Updated Aug 2, 2024
Open WebUI vulnerable to server-side request forgery in utils.py
CVE-2024-30256
Description
Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117.
Affected products
1- Range: < 0.1.117
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- github.com/open-webui/open-webui/security/advisories/GHSA-39wr-r5vm-3jxjmitrex_refsource_CONFIRM
- securitylab.github.com/advisories/GHSL-2024-033_open-webuimitrex_refsource_MISC
News mentions
0No linked articles in our index yet.