Description
Open WebUI denial of service through endpoint for converting markdown
In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until the conversion is complete.
Packages
Name: open-webui (pip)
Affected versions: <= 0.3.8
Fixed version: None
Related vulnerabilities
CVSS3: 7.5
nvd
11 months ago
In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until the conversion is complete.