6 matches found
CVE-2024-7033
In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...
CVE-2024-7033
In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...
CVE-2024-7033 Arbitrary File Write in open-webui/open-webui
In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...
CVE-2024-7033 Arbitrary File Write in open-webui/open-webui
In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...
CVE-2024-7033 Arbitrary File Write in open-webui/open-webui
In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...
CVE-2024-7033
Open WebUI (open-webui/open-webui) version 0.3.8 contains an arbitrary file Write vulnerability in the download_model endpoint, exploitable on Windows due to improper file-path handling. An attacker can manipulate the target path to write files to arbitrary locations on the server filesystem, pot...