5 matches found
Cross-site Request Forgery (CSRF)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the getuserprofileimagebyid and getmodelprofileimage handlers in the profile image endpoints. An attacker can supply an external https profile image URL, causing the...
Incorrect Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Incorrect Authorization via the pinnotebyid process. An attacker can modify the ispinned status of a shared note without proper authorization by sending a POST request to the relevant endpoint while only havi...
Reliance on File Name or Extension of Externally-Supplied File
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Reliance on File Name or Extension of Externally-Supplied File via the audio transcription upload process. An attacker can execute arbitrary JavaScript in the context of another user's session by uploading a...
Missing ownership check in Tables app allows moving columns into tables of other users
None...
Deserialization of Untrusted Data
Overview llamafactory is an Easy-to-use LLM fine-tuning framework Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the torch.load function. An attacker can execute arbitrary commands by crafting a malicious .bin file that is then deserialized. PoC pyth...