High severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025
SSRF in open-webui/open-webui
CVE-2024-7959
Description
The /openai/models endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the attacker to access internal services and potentially gain command execution by accessing instance secrets.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
open-webuiPyPI | <= 0.3.8 | — |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.