Skip to content

Server-side request forgery in utils.py

Moderate
tjbck published GHSA-39wr-r5vm-3jxj Apr 16, 2024

Package

No package listed

Affected versions

v0.1.111

Patched versions

v0.1.117

Description

Summary

Open-webui is vulnerable to authenticated blind server-side request forgery in v0.1.111.

Severity

Moderate

CVE ID

CVE-2024-30256

Weaknesses

Credits