open-webui allows writing and deleting arbitrary files

GHSA-54f4-v6v9-9q82 · CVE-2024-7037

Published Oct 9, 2024 · Modified Oct 9, 2024

Description

In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote code execution.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-7037
PACKAGE https://github.com/open-webui/open-webui
WEB https://github.com/open-webui/open-webui/blob/main/backend/main.py#L1513
WEB https://huntr.com/bounties/8508db68-9c99-4b1c-828c-e1bfcacfb847

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes