PT-2025-12137 · Unknown · Open-Webui

Published 2025-03-20 · Updated 2025-07-18 · CVE-2024-12534

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

open-webui/open-webui version 0.3.32

Description

The application lacks character length validation on the email and password fields during the sign-in process. This allows users to submit large payloads, potentially leading to a Denial of Service (DoS) condition. Submitting excessively large strings can exhaust server resources, including CPU, memory, and disk space, rendering the service unavailable to legitimate users. No authentication is required, so the server is exposed to resource exhaustion attacks from unauthenticated clients.

Recommendations

open-webui/open-webui version 0.3.32: Implement character length validation on the email and password input fields to prevent the submission of excessively large payloads.
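
One way to apply the recommendation above, as an added example that is not Open WebUI's code or its actual fix: a sign-in validator that caps the raw body before parsing and then caps each field before any hashing or lookup. The function name `validate_signin`, the exception class and all three limits are assumptions chosen for illustration.

```python
import json

# Assumed limits, not taken from the advisory or from Open WebUI's code.
MAX_BODY_BYTES = 4096      # cap on the raw request body, checked before parsing
MAX_EMAIL_CHARS = 254      # practical upper bound for an email address
MAX_PASSWORD_BYTES = 128   # cap on the UTF-8 encoded password


class SigninRejected(ValueError):
    """Raised when a sign-in payload fails a size or shape check."""


def validate_signin(raw_body: bytes) -> dict:
    """Return {'email', 'password'} or raise SigninRejected.

    Every check runs before any hashing or database lookup, so an
    oversized request costs the server little more than a length check.
    """
    # 1. Reject on raw size first: never parse an unbounded body.
    if len(raw_body) > MAX_BODY_BYTES:
        raise SigninRejected("request body too large")
    try:
        data = json.loads(raw_body)
    except (ValueError, RecursionError) as exc:
        raise SigninRejected("malformed JSON") from exc
    if not isinstance(data, dict):
        raise SigninRejected("expected a JSON object")

    email, password = data.get("email"), data.get("password")
    if not isinstance(email, str) or not isinstance(password, str):
        raise SigninRejected("email and password must be strings")

    # 2. Per-field caps. The password is measured in bytes because
    #    hashing cost and storage depend on the encoded size.
    if not 0 < len(email) <= MAX_EMAIL_CHARS:
        raise SigninRejected("email length out of range")
    pw_bytes = len(password.encode("utf-8", "surrogatepass"))
    if not 0 < pw_bytes <= MAX_PASSWORD_BYTES:
        raise SigninRejected("password length out of range")
    return {"email": email, "password": password}
```

In a deployment the same body cap should also be enforced at the reverse proxy or ASGI layer, so the oversized request is dropped before the application buffers it.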

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2024-12534
GHSA-G3MX-83MP-3RWC

Affected Products

Open-Webui