GHSA-frv8-gffc-37px
Suggest an improvement- Source
- https://github.com/advisories/GHSA-frv8-gffc-37px
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-frv8-gffc-37px/GHSA-frv8-gffc-37px.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-frv8-gffc-37px
- Aliases
- Published
- 2025-12-04T18:30:53Z
- Modified
- 2025-12-05T03:42:51.636140Z
- Severity
-
- 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Summary
- open-webui is Vulnerable to Incorrect Access Control
- Details
-
open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers (a normal user) to stop arbitrary LLM response tasks.
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2025-12-05T02:21:41Z", "severity": "LOW", "nvd_published_at": "2025-12-04T16:16:22Z", "cwe_ids": [ "CWE-284" ] }- References
Affected packages
PyPI / open-webui
Package
- Name
- open-webui
- View open source insights on deps.dev
- Purl
- pkg:pypi/open-webui
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected0.6.33
Affected versions
0.*
0.1.124
0.1.125
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.3.10
0.3.12
0.3.13
0.3.14
0.3.15
0.3.16
0.3.17.dev2
0.3.17.dev3
0.3.17.dev4
0.3.17.dev5
0.3.17
0.3.18
0.3.19
0.3.20
0.3.21
0.3.22
0.3.23
0.3.24
0.3.25
0.3.26
0.3.27.dev1
0.3.27.dev2
0.3.27.dev3
0.3.27
0.3.28
0.3.29
0.3.30.dev1
0.3.30.dev2
0.3.30
0.3.31.dev1
0.3.31
0.3.32
0.3.33.dev1
0.3.33
0.3.34
0.3.35
0.4.0.dev1
0.4.0.dev2
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6.dev1
0.4.6
0.4.7
0.4.8
0.5.0.dev1
0.5.0.dev2
0.5.0
0.5.1
0.5.2
0.5.3.dev1
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
0.5.9
0.5.10
0.5.11
0.5.12
0.5.13
0.5.14
0.5.15
0.5.16
0.5.17
0.5.18
0.5.19
0.5.20
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6.dev1
0.6.6
0.6.7
0.6.8
0.6.9
0.6.10
0.6.11
0.6.12
0.6.13
0.6.14
0.6.15
0.6.16
0.6.18
0.6.19
0.6.20
0.6.21
0.6.22
0.6.23
0.6.24
0.6.25
0.6.26.dev1
0.6.26
0.6.27
0.6.28
0.6.29
0.6.30
0.6.31
0.6.32
0.6.33