PT-2025-12150 · Unknown+2 · Open-Webui+2

Published

2025-03-20

Updated

2025-03-20

CVE-2024-12868

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions open-webui version 0.3.32 fastapi versions prior to 0.115.3

Description The issue arises from the application's use of a vulnerable version of the starlette package, which is a dependency of fastapi. This vulnerability can lead to uncontrolled resource consumption, potentially causing a denial of service through memory exhaustion.

Recommendations For open-webui version 0.3.32, update the fastapi dependency to version 0.115.3 or later. For fastapi versions prior to 0.115.3, update to version 0.115.3 or later.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2024-12868

GHSA-W466-2WFC-8G58

Affected Products

Fastapi

Open-Webui

Starlette

PT-2025-12150 · Unknown+2 · Open-Webui+2

CVE-2024-12868

Weakness Enumeration

Related Identifiers

Affected Products

References · 7