Denial of Service Vulnerability in Open-WebUI by Open-WebUI
CVE-2024-7036
7.5HIGH
What is CVE-2024-7036?
A vulnerability in Open-WebUI version 0.3.8 allows unauthenticated attackers to exploit the 'name' field by entering excessively large text. This attack leads to an unresponsive Admin panel, hindering administrators from performing crucial user management tasks such as adding, editing, or deleting user accounts. Additionally, authenticated users with low privileges can also trigger this vulnerability, affecting overall administrative functions within the application.
Affected Version(s)
open-webui/open-webui <= unspecified