PT-2025-12137 · Unknown · Open-Webui

Published 2025-03-20 · Updated 2025-07-18 · CVE-2024-12534

CVSS v3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

open-webui/open-webui version 0.3.32

Description

The application lacks character length validation on the email and password fields during the sign-in process. This allows users to submit large payloads, potentially leading to a Denial of Service (DoS) condition. Submitting excessively large strings can exhaust server resources, including CPU, memory, and disk space, rendering the service unavailable to legitimate users. The server becomes susceptible to resource exhaustion attacks without authentication.

Recommendations

open-webui/open-webui version 0.3.32: Implement character length validation on the email and password input fields to prevent the submission of excessively large payloads.
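
One way to apply the recommendation, shown as an added example that is not Open WebUI's code or its actual fix: a standard-library validator that bounds the raw body, then the email and password fields, before any parsing-heavy or hashing work runs. The limits, the `SigninRejected` and `validate_signin` names, the status codes, and the assumption that passwords are hashed with bcrypt are all illustrative.

```python
import json

# Assumed limits, not values from the advisory or the project; tune per deployment.
MAX_BODY_BYTES = 4096     # raw JSON body of one sign-in request
MAX_EMAIL_CHARS = 254     # practical upper bound for an e-mail address
MAX_PASSWORD_BYTES = 72   # bcrypt only uses the first 72 bytes of its input


class SigninRejected(ValueError):
    """Payload failed validation; `status` is the suggested HTTP status code."""

    def __init__(self, status: int, reason: str):
        super().__init__(reason)
        self.status = status


def validate_signin(raw_body: bytes) -> dict:
    """Return {'email', 'password'} or raise SigninRejected before any costly work."""
    # Check the raw size first so the JSON parser never sees a huge body.
    if len(raw_body) > MAX_BODY_BYTES:
        raise SigninRejected(413, "request body too large")
    try:
        data = json.loads(raw_body)
    except (ValueError, RecursionError):  # bad JSON, bad UTF-8, or deep nesting
        raise SigninRejected(400, "malformed JSON") from None
    if not isinstance(data, dict):
        raise SigninRejected(400, "expected a JSON object")
    email, password = data.get("email"), data.get("password")
    if not isinstance(email, str) or not isinstance(password, str):
        raise SigninRejected(422, "email and password must be strings")
    if not 3 <= len(email) <= MAX_EMAIL_CHARS or "@" not in email:
        raise SigninRejected(422, "email length or format invalid")
    # Count bytes, not characters: multi-byte UTF-8 inflates what the hasher sees.
    pw_len = len(password.encode("utf-8", "surrogatepass"))
    if not 1 <= pw_len <= MAX_PASSWORD_BYTES:
        raise SigninRejected(422, "password length invalid")
    return {"email": email, "password": password}


if __name__ == "__main__":
    # Constructed sample inputs: one normal request, one oversized password.
    samples = [b'{"email": "user@example.com", "password": "correct horse"}',
               b'{"email": "user@example.com", "password": "' + b"A" * 100_000 + b'"}']
    for body in samples:
        try:
            print("accepted:", validate_signin(body)["email"])
        except SigninRejected as exc:
            print("rejected:", exc.status, exc)
```

A body-size cap is most effective when it is also enforced at the reverse proxy or application server, since a framework may buffer the whole request before handler code like this runs.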

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2024-12534
GHSA-G3MX-83MP-3RWC

Affected Products

Open-Webui