6 matches found
CVE-2024-7033
In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...
CVE-2024-7033
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-7033
...
CVE-2024-7033
...
CVE-2024-7033
Open-WebUI (open-webui/open-webui) 0.3.8 contains an arbitrary file write vulnerability in the download_model endpoint. On Windows, improper path handling allows an attacker to manipulate the file path and write files to arbitrary locations on the server’s filesystem, potentially overwriting crit...
CVE-2024-7033 Arbitrary File Write in open-webui/open-webui
In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...