Oobabooga

**Name of the Vulnerable Software and Affected Versions** text-generation-webui versions prior to 4.1.1 **Description** text-generation-webui is an open-source web interface for running Large Language Models. Prior to version 4.1.1, users could save extension settings in '.py' format within the application root directory, enabling overwriting of Python files such as 'download-model.py'. This overwritten file could then be triggered for execution through the 'Model' menu when a new model download was requested. **Recommendations** Update to version 4.1.1 or later.