Open WebUI 代码问题漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A code issue vulnerability exists in Open WebUI version 0.3.0, which stems from the audio API endpoint /audio/api/v1/transcriptions allowing arbitrary file uploads, which could lead to path...

Arbitrary File Deletion

litellm is vulnerable to Arbitrary File Deletion. The vulnerability is due to improper input validation on the /audio/transcriptions endpoint, allowing attackers to send crafted requests that delete specified files without proper authorization or validation...

GHSA-3XR8-QFVJ-9P9J Arbitrary file deletion in litellm

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the /audio/transcriptions endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes...

PT-2024-33255 · Berriai · Litellm

Name of the Vulnerable Software and Affected Versions: BerriAI's litellm version latest Description: The issue arises from improper input validation on the "/audio/transcriptions" endpoint, allowing an attacker to send a specially crafted request that includes a file path to the server. This...