CVE-2024-7999

Name of the Vulnerable Software and Affected Versions open-webui/open-webui version 79778fa

Description A vulnerability allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. By appending a large number of characters to the end of the multipart boundary, the server continuously processes each character, rendering the application inaccessible. This issue can prevent all users from accessing the application until the server recovers.

Recommendations For open-webui/open-webui version 79778fa, as a temporary workaround, consider restricting file uploads or validating the multipart boundary to prevent malicious uploads until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.