PT-2025-12176 · Unknown · Open-Webui/Open-Webui

Published: 2025-03-20 · Updated: 2025-07-18 · CVE-2024-7036

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

open-webui/open-webui version 0.3.8

Description

A vulnerability allows an unauthenticated attacker to sign up with excessively large text in the name field, causing the Admin panel to become unresponsive. This prevents administrators from performing essential user management actions. The issue can also be exploited by authenticated users with low privileges, leading to the same unresponsive state in the Admin panel.

Recommendations

For open-webui/open-webui version 0.3.8, consider restricting the length of the name field to prevent excessively large input from causing the Admin panel to become unresponsive. As a temporary workaround, limit user sign-ups or manually monitor and manage user accounts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
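
One way to apply the name-length restriction and the account-monitoring workaround recommended above, as an added example that is not Open WebUI's own code. The 100-character limit, the function names and the sample records are assumptions; the advisory does not specify a limit.

```python
"""Added example: bound the sign-up name field and audit stored accounts."""
import unicodedata

MAX_NAME_CHARS = 100  # assumed limit; the advisory does not give a number


class NameRejected(ValueError):
    """Raised when a submitted display name fails validation."""


def validate_signup_name(raw):
    """Return a normalized name, or raise NameRejected before anything is stored."""
    if not isinstance(raw, str):
        raise NameRejected("name must be a string")
    # Check the raw size first so normalization never runs on huge input.
    if len(raw) > MAX_NAME_CHARS * 4:
        raise NameRejected("name too long")
    name = unicodedata.normalize("NFKC", raw).strip()
    # NFKC can expand some code points, so re-check after normalizing.
    if not name or len(name) > MAX_NAME_CHARS:
        raise NameRejected("name empty or too long")
    if any(unicodedata.category(ch) == "Cc" for ch in name):
        raise NameRejected("control characters not allowed")
    return name


def find_oversized_accounts(users):
    """Return (id, name length) for stored accounts whose name exceeds the limit."""
    return [(u["id"], len(u["name"])) for u in users
            if len(u["name"]) > MAX_NAME_CHARS]


# Constructed sample records standing in for a user table.
SAMPLE_USERS = [
    {"id": 1, "name": "Alice Admin"},
    {"id": 2, "name": "A" * 500_000},
    {"id": 3, "name": "Bob"},
]

if __name__ == "__main__":
    # Accounts an administrator should review or remove outside the Admin panel.
    print(find_oversized_accounts(SAMPLE_USERS))
```

The check belongs on the server side of the sign-up and profile-update paths, since both unauthenticated and low-privileged users can reach the name field.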

Exploit

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2024-7036
GHSA-WCWP-9RCP-JVFG

Affected Products

Open-Webui/Open-Webui