
THREATINT
PUBLISHED

CVE-2024-7037

Arbitrary File Write/Delete Leading to RCE in open-webui/open-webui



Description

In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete because the client-supplied file.filename is concatenated with CACHE_DIR without sanitization. This vulnerability allows attackers to overwrite and delete system files, potentially leading to remote code execution.
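The description names the root cause (CWE-22: an unsanitized filename joined onto CACHE_DIR) but not how a fix looks. The following is an added illustration written for this page, not code from open-webui; `CACHE_DIR`, `UPLOAD_DIR`, the function names and the character allowlist are all assumptions. It shows the unsafe join next to a hardened variant that rejects separators and `..`, applies an allowlist, and verifies that the resolved path is still inside the upload directory.

```python
import os
import re
import tempfile
from pathlib import Path

# Hypothetical cache directory standing in for CACHE_DIR (an assumption, not
# the project's real value); a temp dir so the example runs anywhere safely.
CACHE_DIR = Path(tempfile.mkdtemp(prefix="cache_"))
UPLOAD_DIR = CACHE_DIR / "pipelines"
UPLOAD_DIR.mkdir(parents=True, exist_ok=True)

# Conservative allowlist for upload names (assumed policy, not the project's).
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def unsafe_target_path(filename: str) -> Path:
    """The CWE-22 pattern the advisory describes: the client-controlled
    filename is joined onto the cache directory with no validation.
    A name containing '..' walks out of UPLOAD_DIR, and os.path.join
    discards UPLOAD_DIR entirely when the name is absolute."""
    return Path(os.path.join(UPLOAD_DIR, filename))


def escapes_upload_dir(path: Path) -> bool:
    """True when the resolved path lies outside UPLOAD_DIR."""
    try:
        path.resolve().relative_to(UPLOAD_DIR.resolve())
        return False
    except ValueError:
        return True


def safe_target_path(filename: str) -> Path:
    """Hardened variant: reject separators and dot names outright, enforce an
    allowlist, then confirm the resolved path's parent is UPLOAD_DIR."""
    if "/" in filename or "\\" in filename or filename in ("", ".", ".."):
        raise ValueError(f"rejected filename: {filename!r}")
    if not SAFE_NAME.match(filename):
        raise ValueError(f"filename outside allowlist: {filename!r}")
    target = (UPLOAD_DIR / filename).resolve()
    # Defense in depth: even after the checks above, verify containment.
    if target.parent != UPLOAD_DIR.resolve():
        raise ValueError(f"path escapes upload dir: {filename!r}")
    return target


def is_rejected(filename: str) -> bool:
    """Convenience wrapper: does the hardened check refuse this name?"""
    try:
        safe_target_path(filename)
        return False
    except ValueError:
        return True


def save_upload(filename: str, content: bytes) -> Path:
    """Write an upload only to a validated path inside UPLOAD_DIR."""
    target = safe_target_path(filename)
    target.write_bytes(content)
    return target


if __name__ == "__main__":
    # Constructed inputs: one ordinary name, one traversal name, one absolute.
    for name in ("pipeline.py", "../../etc/passwd", "/etc/passwd"):
        print(f"{name!r:>22}: unsafe escapes={escapes_upload_dir(unsafe_target_path(name))}"
              f" hardened rejects={is_rejected(name)}")
```

The containment check after `resolve()` matters even when the allowlist looks sufficient: it catches symlinked upload directories and any future relaxation of the name rules, and it is the check a reviewer should look for when auditing an upload handler against CWE-22.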

Reserved 2024-07-23 | Published 2024-10-09 | Updated 2024-10-10 | Assigner @huntr_ai


MEDIUM: 6.5 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Any version: affected

References

huntr.com/bounties/8508db68-9c99-4b1c-828c-e1bfcacfb847

cve.org (CVE-2024-7037)

nvd.nist.gov (CVE-2024-7037)

https://cve.threatint.com/CVE/CVE-2024-7037