2 matches found
Directory Traversal
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Directory Traversal through the /models/upload endpoint. An attacker can manipulate the file.filename parameter to include directory traversal sequences, causing the resulting filepath to escape the intended...
Open WebUI 路径遍历漏洞
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A path traversal vulnerability exists in Open WebUI version 0.3.8, which stems from improper handling of filenames in the /models/upload endpoint, which could lead to arbitrary file writes...