Unrated severityNVD Advisory· Published Apr 16, 2024· Updated Aug 2, 2024
Open WebUI vulnerable to server-side request forgery in utils.py
CVE-2024-30256
Description
Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<0.1.117+ 1 more
- (no CPE)range: <0.1.117
- (no CPE)range: < 0.1.117
Patches
Vulnerability mechanics
References
2- github.com/open-webui/open-webui/security/advisories/GHSA-39wr-r5vm-3jxjmitrex_refsource_CONFIRM
- securitylab.github.com/advisories/GHSL-2024-033_open-webuimitrex_refsource_MISC
News mentions
0No linked articles in our index yet.