Количество 2
Количество 2
CVE-2024-7959
The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the attacker to access internal services and potentially gain command execution by accessing instance secrets.
GHSA-x757-hv69-jr45
Open WebUI has SSRF in /openai/models
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-7959 The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the attacker to access internal services and potentially gain command execution by accessing instance secrets. | CVSS3: 7.7 | 0% Низкий | 11 месяцев назад |
| GHSA-x757-hv69-jr45 Open WebUI has SSRF in /openai/models | CVSS3: 7.7 | 0% Низкий | 11 месяцев назад |
Уязвимостей на страницу