Описание
In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until the conversion is complete.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:openwebui:open_webui:0.3.8:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00162
Низкий
7.5 High
CVSS3
Дефекты
CWE-770
Связанные уязвимости
CVSS3: 7.5
github
11 месяцев назад
Open WebUI denial of service through endpoint for converting markdown
EPSS
Процентиль: 37%
0.00162
Низкий
7.5 High
CVSS3
Дефекты
CWE-770