Lucene search
+L

4 matches found

nvd
nvd
added 2025/03/20 10:15 a.m.9 views

CVE-2024-7959

The /openai/models endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery SSRF. An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the...

7.7CVSS0.24461EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/03/20 10:9 a.m.6 views

CVE-2024-7959 SSRF in open-webui/open-webui

The /openai/models endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery SSRF. An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the...

7.7CVSS7.8AI score0.24461EPSS
Exploits1References1
cvelist
cvelist
added 2025/03/20 10:9 a.m.18 views

CVE-2024-7959 SSRF in open-webui/open-webui

The /openai/models endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery SSRF. An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the...

7.7CVSS0.24461EPSS
Exploits1References1
cve
cve
added 2025/03/20 10:9 a.m.70 views

CVE-2024-7959

The CVE-2024-7959 entry affects open-webui/open-webui v0.3.8, where the /openai/models endpoint is vulnerable to SSRF. An attacker can modify the OpenAI URL without validation, causing the endpoint to issue requests to arbitrary URLs and return the response, potentially exposing internal services...

7.7CVSS7.8AI score0.24461EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder