2 matches found
Arbitrary File Write
open-webui/open-webui is vulnerable to an arbitrary file write. The vulnerability is due to improper handling of file paths in the downloadmodel endpoint on Windows, which allows an attacker to manipulate file paths and write files to arbitrary locations on the server...
GHSA-3P9Q-7W63-3F8Q Open WebUI Allows Arbitrary File Write via the `download_model` Endpoint
In version 0.3.8 of open-webui/open-webui, an arbitrary file write vulnerability exists in the downloadmodel endpoint. When deployed on Windows, the application improperly handles file paths, allowing an attacker to manipulate the file path to write files to arbitrary locations on the server's...