GHSA-g3mx-83mp-3rwc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g3mx-83mp-3rwc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-g3mx-83mp-3rwc/GHSA-g3mx-83mp-3rwc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g3mx-83mp-3rwc
- Aliases
-
- CVE-2024-12534
- Published
- 2025-03-20T12:32:43Z
- Modified
- 2025-03-21T18:23:47.613456Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Open WebUI Uncontrolled Resource Consumption vulnerability
- Details
-
In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password fields during the sign-in process due to the lack of character length validation on these inputs. This vulnerability can lead to a Denial of Service (DoS) condition when a user submits excessively large strings, exhausting server resources such as CPU, memory, and disk space, and rendering the service unavailable for legitimate users. This makes the server susceptible to resource exhaustion attacks without requiring authentication.
- Database specific
{ "nvd_published_at": "2025-03-20T10:15:29Z", "cwe_ids": [ "CWE-400" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2025-03-21T17:30:09Z" }- References
Affected packages
PyPI / open-webui
Package
- Name
- open-webui
- View open source insights on deps.dev
- Purl
- pkg:pypi/open-webui
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected0.3.32
Affected versions
0.*
0.1.124
0.1.125
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.3.10
0.3.12
0.3.13
0.3.14
0.3.15
0.3.16
0.3.17.dev2
0.3.17.dev3
0.3.17.dev4
0.3.17.dev5
0.3.17
0.3.18
0.3.19
0.3.20
0.3.21
0.3.22
0.3.23
0.3.24
0.3.25
0.3.26
0.3.27.dev1
0.3.27.dev2
0.3.27.dev3
0.3.27
0.3.28
0.3.29
0.3.30.dev1
0.3.30.dev2
0.3.30
0.3.31.dev1
0.3.31
0.3.32
npm / open-webui
Package
- Name
- open-webui
- View open source insights on deps.dev
- Purl
- pkg:npm/open-webui