open-webui@0.3.17.dev3 vulnerabilities

Open WebUI

  • latest version: 0.6.5
  • first published: 11 months ago
  • latest version published: 5 days ago
  • licenses detected: [0.1.124,0.5.8)
  • Direct Vulnerabilities

    Known vulnerabilities in the open-webui package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable version
    • Severity: Medium
      Server-side Request Forgery (SSRF)
      Vulnerable versions: [0,)

      open-webui is an Open WebUI

      Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /openai/models endpoint. An attacker can manipulate the OpenAI URL to any destination without validation, enabling the endpoint to initiate requests to the specified URL and relay the response. This vulnerability permits unauthorized access to internal services and could potentially allow command execution by accessing instance secrets.

      How to fix Server-side Request Forgery (SSRF)?

      There is no fixed version for open-webui.
    • Severity: High
      Cross-site Request Forgery (CSRF)
      Vulnerable versions: [,0.3.33)

      Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the authentication process using cookies with the SameSite attribute set to lax. An attacker can execute arbitrary code with the victim's privileges by crafting a malicious HTML page that modifies the Python code of an existing pipeline when accessed by the victim.

      How to fix Cross-site Request Forgery (CSRF)?

      Upgrade open-webui to version 0.3.33 or higher.
    • Severity: High
      Arbitrary File Upload
      Vulnerable versions: [,0.5.17)

      Affected versions of this package are vulnerable to Arbitrary File Upload via the audio/api/v1/transcriptions endpoint. An attacker can execute arbitrary code on the server by uploading a malicious file with a crafted filename that exploits insufficient validation of file.content_type and user-controlled filenames, leading to path traversal.

      How to fix Arbitrary File Upload?

      Upgrade open-webui to version 0.5.17 or higher.
    • Severity: High
      Denial of Service (DoS)
      Vulnerable versions: [,0.5.13)

      Affected versions of this package are vulnerable to Denial of Service (DoS) via the endpoint for converting markdown. An attacker can cause the server to spend excessive time on processing, rendering it unresponsive to other requests until the conversion is complete.

      How to fix Denial of Service (DoS)?

      Upgrade open-webui to version 0.5.13 or higher.
    • Severity: Medium
      Cross-site Scripting (XSS)
      Vulnerable versions: [0,)

      Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the /api/v1/models/add endpoint. An attacker can execute arbitrary scripts that affect other users, including administrators, by injecting malicious scripts into the model description field, which is not properly sanitized before being displayed.

      How to fix Cross-site Scripting (XSS)?

      There is no fixed version for open-webui.
    • Severity: High
      Missing Authentication for Critical Function
      Vulnerable versions: [,0.5.13)

      Affected versions of this package are vulnerable to Missing Authentication for Critical Function through the api/v1/utils/pdf endpoint. An attacker can exhaust server resources and cause a denial of service by sending a POST request with an excessively large payload. Additionally, unauthorized users can generate PDFs without proper verification, leading to misuse of the service and potential operational and financial impacts.

      How to fix Missing Authentication for Critical Function?

      Upgrade open-webui to version 0.5.13 or higher.
    • Severity: Medium
      Insufficient Isolation of System-Dependent Functions
      Vulnerable versions: [,0.4.0)

      Affected versions of this package are vulnerable to Insufficient Isolation of System-Dependent Functions due to improper access control on the /api/v1/prompts/ and /api/v1/prompts/command/{command_id} interfaces. An attacker can view and retrieve prompt information without proper administrative verification by directly calling these interfaces.

      How to fix Insufficient Isolation of System-Dependent Functions?

      Upgrade open-webui to version 0.4.0 or higher.
    • Severity: Medium
      Cross-site Scripting (XSS)
      Vulnerable versions: [0,)

      Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the chat file upload functionality. An attacker can inject malicious scripts or content into a file which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser, leading to potential user data theft, session hijacking, malware distribution, and phishing attacks.

      How to fix Cross-site Scripting (XSS)?

      There is no fixed version for open-webui.
    • Severity: High
      Directory Traversal
      Vulnerable versions: [0,)

      Affected versions of this package are vulnerable to Directory Traversal through the /models/upload endpoint. An attacker can manipulate the file.filename parameter to include directory traversal sequences, causing the resulting file_path to escape the intended UPLOAD_DIR and potentially overwrite arbitrary files on the system. This can lead to unauthorized modifications of system binaries, configuration files, or sensitive data, potentially enabling remote command execution.

      How to fix Directory Traversal?

      There is no fixed version for open-webui.
    • Severity: High
      Arbitrary File Write via Archive Extraction (Zip Slip)
      Vulnerable versions: [0,)

      Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) through the download_model endpoint. An attacker can manipulate file paths to write files to arbitrary locations on the server's filesystem, potentially overwriting critical system or application files, causing denial of service or achieving remote code execution.

      Note: This is only exploitable when deployed on Windows.

      How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

      There is no fixed version for open-webui.
    • Severity: Medium
      Cross-site Scripting (XSS)
      Vulnerable versions: [0,)

      Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An attacker with a user-level account can hijack administrator sessions by embedding a malicious markdown image in a chat which, when viewed by an administrator, sends the admin's session cookie to the attacker's server, leading to unauthorized actions and potential system compromise.

      How to fix Cross-site Scripting (XSS)?

      There is no fixed version for open-webui.
    • Severity: High
      Allocation of Resources Without Limits or Throttling
      Vulnerable versions: [0,)

      Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the api/v1/utils/code/format endpoint. An attacker can cause the server to become unresponsive or experience significant degradation by sending a POST request with an excessively high volume of content.

      How to fix Allocation of Resources Without Limits or Throttling?

      There is no fixed version for open-webui.
    • Severity: Medium
      Improper Privilege Management
      Vulnerable versions: [0,)

      Affected versions of this package are vulnerable to Improper Privilege Management through the API endpoint http://0.0.0.0:8080/api/v1/users/{uuid_administrator}. An attacker, acting as an admin, can delete other administrators. This action is restricted by the user interface but can be performed through direct API calls.

      How to fix Improper Privilege Management?

      There is no fixed version for open-webui.
    • Severity: Medium
      Undefined Behavior for Input to API
      Vulnerable versions: [0,)

      Affected versions of this package are vulnerable to Undefined Behavior for Input to API due to improper access control on the /api/v1/auths/admin/details interface. An attacker can view administrative details by directly calling the interface without needing administrative privileges.

      Note: This is only exploitable if the attacker has network access to the application's API.

      How to fix Undefined Behavior for Input to API?

      There is no fixed version for open-webui.
    • Severity: High
      Incorrect Synchronization
      Vulnerable versions: [0,)

      Affected versions of this package are vulnerable to Incorrect Synchronization due to improper access control mechanisms. An attacker can view and delete any files by directly calling specific API endpoints without needing administrative privileges. This is only exploitable if the attacker has access to the network where the application is hosted.

      How to fix Incorrect Synchronization?

      There is no fixed version for open-webui.
    • Severity: Critical
      Cross-site Scripting (XSS)
      Vulnerable versions: [,0.3.24)

      Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in tooltip content rendering. An attacker can perform operations with the victim's privileges, such as stealing chat history and deleting chats, by convincing the victim to interact with a malicious prompt.

      How to fix Cross-site Scripting (XSS)?

      Upgrade open-webui to version 0.3.24 or higher.
    • Severity: High
      Path Traversal
      Vulnerable versions: [,0.5.0)

      Affected versions of this package are vulnerable to Path Traversal due to unsanitized input in the concatenation of file.filename with CACHE_DIR via the /api/pipelines/upload endpoint. An attacker can overwrite and delete system files, potentially leading to unauthorized system access or control.

      How to fix Path Traversal?

      Upgrade open-webui to version 0.5.0 or higher.