Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/03/22 1:21 p.m.8 views

CVE-2024-7033

In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...

7.2CVSS8.7AI score0.01125EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.8 views

CVE-2024-7033

In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...

7.2CVSS0.01125EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:9 a.m.5 views

CVE-2024-7033 Arbitrary File Write in open-webui/open-webui

In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...

6.5CVSS7.4AI score0.01125EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.8 views

CVE-2024-7033 Arbitrary File Write in open-webui/open-webui

In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...

6.5CVSS7.3AI score0.01125EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.18 views

CVE-2024-7033 Arbitrary File Write in open-webui/open-webui

In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...

6.5CVSS0.01125EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.56 views

CVE-2024-7033

Open WebUI (open-webui/open-webui) version 0.3.8 contains an arbitrary file Write vulnerability in the download_model endpoint, exploitable on Windows due to improper file-path handling. An attacker can manipulate the target path to write files to arbitrary locations on the server filesystem, pot...

7.2CVSS8.3AI score0.01125EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder