open-webui 0.6.5 vulnerabilities

Known vulnerabilities in the open-webui package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Server-side Request Forgery (SSRF) open-webui is an Open WebUI Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `/openai/models` endpoint. An attacker can manipulate the OpenAI URL to any destination without validation, enabling the endpoint to initiate requests to the specified URL and relay the response. This vulnerability permits unauthorized access to internal services and could potentially allow command execution by accessing instance secrets. How to fix Server-side Request Forgery (SSRF)? There is no fixed version for `open-webui`.	[0,)
M Cross-site Scripting (XSS) open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the `/api/v1/models/add` endpoint. An attacker can execute arbitrary scripts that affect other users, including administrators, by injecting malicious scripts into the model description field which is not properly sanitized before being displayed. How to fix Cross-site Scripting (XSS)? There is no fixed version for `open-webui`.	[0,)
M Cross-site Scripting (XSS) open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the chat file upload functionality. An attacker can inject malicious scripts or content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser leading to potential user data theft, session hijacking, malware distribution, and phishing attacks. How to fix Cross-site Scripting (XSS)? There is no fixed version for `open-webui`.	[0,)
H Directory Traversal open-webui is an Open WebUI Affected versions of this package are vulnerable to Directory Traversal through the `/models/upload` endpoint. An attacker can manipulate the `file.filename` parameter to include directory traversal sequences, causing the resulting `file_path` to escape the intended `UPLOAD_DIR` and potentially overwrite arbitrary files on the system. This can lead to unauthorized modifications of system binaries, configuration files, or sensitive data, potentially enabling remote command execution. How to fix Directory Traversal? There is no fixed version for `open-webui`.	[0,)
H Arbitrary File Write via Archive Extraction (Zip Slip) open-webui is an Open WebUI Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) through the `download_model` endpoint. An attacker can manipulate file paths to write files to arbitrary locations on the server's filesystem, potentially overwriting critical system or application files, causing denial of service or achieving remote code execution. Note: This is only exploitable when deployed on Windows. How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? There is no fixed version for `open-webui`.	[0,)
M Cross-site Scripting (XSS) open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An attacker with a user-level account can manipulate session cookies to hijack administrator sessions, leading to unauthorized actions and potential system compromise by embedding a malicious markdown image in a chat, which, when viewed by an administrator, sends the admin's session cookie to the attacker's server. How to fix Cross-site Scripting (XSS)? There is no fixed version for `open-webui`.	[0,)
H Allocation of Resources Without Limits or Throttling open-webui is an Open WebUI Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the `api/v1/utils/code/format` endpoint. An attacker can cause the server to become unresponsive or experience significant degradation by sending a POST request with an excessively high volume of content. How to fix Allocation of Resources Without Limits or Throttling? There is no fixed version for `open-webui`.	[0,)
M Improper Privilege Management open-webui is an Open WebUI Affected versions of this package are vulnerable to Improper Privilege Management through the API endpoint `http://0.0.0.0:8080/api/v1/users/{uuid_administrator}`. An attacker, acting as an admin, can delete other administrators. This action is restricted by the user interface but can be performed through direct API calls. How to fix Improper Privilege Management? There is no fixed version for `open-webui`.	[0,)
M Undefined Behavior for Input to API open-webui is an Open WebUI Affected versions of this package are vulnerable to Undefined Behavior for Input to API due to improper access control on the `/api/v1/auths/admin/details` interface. An attacker can view administrative details by directly calling the interface without needing administrative privileges. Note: This is only exploitable if the attacker has network access to the application's API. How to fix Undefined Behavior for Input to API? There is no fixed version for `open-webui`.	[0,)
H Incorrect Synchronization open-webui is an Open WebUI Affected versions of this package are vulnerable to Incorrect Synchronization due to improper access control mechanisms. An attacker can view and delete any files by directly calling specific API endpoints without needing administrative privileges. This is only exploitable if the attacker has access to the network where the application is hosted. How to fix Incorrect Synchronization? There is no fixed version for `open-webui`.	[0,)

Vulnerability

Vulnerable Version

Server-side Request Forgery (SSRF)

open-webui is an Open WebUI

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /openai/models endpoint. An attacker can manipulate the OpenAI URL to any destination without validation, enabling the endpoint to initiate requests to the specified URL and relay the response. This vulnerability permits unauthorized access to internal services and could potentially allow command execution by accessing instance secrets.

How to fix Server-side Request Forgery (SSRF)?

There is no fixed version for open-webui.

[0,)

Cross-site Scripting (XSS)

open-webui is an Open WebUI

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the /api/v1/models/add endpoint. An attacker can execute arbitrary scripts that affect other users, including administrators, by injecting malicious scripts into the model description field which is not properly sanitized before being displayed.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for open-webui.

[0,)

Cross-site Scripting (XSS)

open-webui is an Open WebUI

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the chat file upload functionality. An attacker can inject malicious scripts or content into a file, which, when accessed by a victim through a URL or shared chat, executes JavaScript in the victim's browser leading to potential user data theft, session hijacking, malware distribution, and phishing attacks.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for open-webui.

[0,)

Directory Traversal

open-webui is an Open WebUI

Affected versions of this package are vulnerable to Directory Traversal through the /models/upload endpoint. An attacker can manipulate the file.filename parameter to include directory traversal sequences, causing the resulting file_path to escape the intended UPLOAD_DIR and potentially overwrite arbitrary files on the system. This can lead to unauthorized modifications of system binaries, configuration files, or sensitive data, potentially enabling remote command execution.

How to fix Directory Traversal?

There is no fixed version for open-webui.

[0,)

Arbitrary File Write via Archive Extraction (Zip Slip)

open-webui is an Open WebUI

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) through the download_model endpoint. An attacker can manipulate file paths to write files to arbitrary locations on the server's filesystem, potentially overwriting critical system or application files, causing denial of service or achieving remote code execution.

Note:

This is only exploitable when deployed on Windows.

How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

There is no fixed version for open-webui.

[0,)

Cross-site Scripting (XSS)

open-webui is an Open WebUI

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An attacker with a user-level account can manipulate session cookies to hijack administrator sessions, leading to unauthorized actions and potential system compromise by embedding a malicious markdown image in a chat, which, when viewed by an administrator, sends the admin's session cookie to the attacker's server.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for open-webui.

[0,)

Allocation of Resources Without Limits or Throttling

open-webui is an Open WebUI

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the api/v1/utils/code/format endpoint. An attacker can cause the server to become unresponsive or experience significant degradation by sending a POST request with an excessively high volume of content.

How to fix Allocation of Resources Without Limits or Throttling?

There is no fixed version for open-webui.

[0,)

Improper Privilege Management

open-webui is an Open WebUI

Affected versions of this package are vulnerable to Improper Privilege Management through the API endpoint http://0.0.0.0:8080/api/v1/users/{uuid_administrator}. An attacker, acting as an admin, can delete other administrators. This action is restricted by the user interface but can be performed through direct API calls.

How to fix Improper Privilege Management?

There is no fixed version for open-webui.

[0,)

Undefined Behavior for Input to API

open-webui is an Open WebUI

Affected versions of this package are vulnerable to Undefined Behavior for Input to API due to improper access control on the /api/v1/auths/admin/details interface. An attacker can view administrative details by directly calling the interface without needing administrative privileges.

Note:

This is only exploitable if the attacker has network access to the application's API.

How to fix Undefined Behavior for Input to API?

There is no fixed version for open-webui.

[0,)

Incorrect Synchronization

open-webui is an Open WebUI

Affected versions of this package are vulnerable to Incorrect Synchronization due to improper access control mechanisms. An attacker can view and delete any files by directly calling specific API endpoints without needing administrative privileges. This is only exploitable if the attacker has access to the network where the application is hosted.

How to fix Incorrect Synchronization?

There is no fixed version for open-webui.

[0,)

open-webui@0.6.5 vulnerabilities

Open WebUI

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

How to fix?