CVE-2024-12537
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-12537 is a vulnerability affecting open-webui version 0.3.32. The `api/v1/utils/code/format` endpoint lacks authentication, so unauthenticated attackers can access it. A malicious actor could exploit this by sending an excessive volume of data in a POST request, causing the server to become completely unresponsive or experience significant performance degradation. This could ultimately result in service interruptions for legitimate users. The vulnerability poses a significant risk: the endpoint is reachable without authentication, and denial-of-service (DoS) attacks can have severe consequences for organizations. Users of open-webui version 0.3.32 should upgrade to a patched version as soon as possible to mitigate this risk.
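The two controls whose absence the summary describes, authentication and a request-size limit, written as a dependency-free ASGI middleware with a small driver that feeds it constructed requests. This is an added example, not open-webui's code or its actual fix; the ASGI interface, the 64 KiB cap, the Bearer-presence check, and the names `FormatEndpointGuard` and `probe` are assumptions.

```python
import asyncio

GUARDED_PATH = "/api/v1/utils/code/format"  # endpoint named in the advisory
MAX_BODY_BYTES = 64 * 1024                   # assumed cap; tune per deployment

class FormatEndpointGuard:
    """Pure-ASGI middleware: require a credential and cap the request body."""
    def __init__(self, app, max_body=MAX_BODY_BYTES):
        self.app, self.max_body = app, max_body
    async def __call__(self, scope, receive, send):
        if (scope["type"] != "http" or scope["method"] != "POST"
                or scope["path"].rstrip("/") != GUARDED_PATH):
            return await self.app(scope, receive, send)
        headers = dict(scope["headers"])  # ASGI header names are lowercase bytes
        # Presence check only (assumption): real code must validate the token.
        if not headers.get(b"authorization", b"").startswith(b"Bearer "):
            return await self._reject(send, 401)
        declared = headers.get(b"content-length", b"0")
        if not declared.isdigit() or int(declared) > self.max_body:
            return await self._reject(send, 413)  # refuse before reading any body
        body, more = b"", True  # chunked bodies have no Content-Length: count bytes
        while more:
            msg = await receive()
            if msg["type"] == "http.disconnect":
                return
            body += msg.get("body", b"")
            more = msg.get("more_body", False)
            if len(body) > self.max_body:
                return await self._reject(send, 413)
        queue = [{"type": "http.request", "body": body, "more_body": False}]
        async def replay():  # hand the buffered body to the wrapped app once
            return queue.pop() if queue else await receive()
        await self.app(scope, replay, send)

    @staticmethod
    async def _reject(send, status):
        await send({"type": "http.response.start", "status": status, "headers": []})
        await send({"type": "http.response.body", "body": b""})

def probe(headers, chunks, path=GUARDED_PATH):  # driver for constructed requests
    async def app(scope, receive, send):  # stand-in for the real formatter route
        await send({"type": "http.response.start", "status": 200, "headers": []})
    msgs = [{"type": "http.request", "body": c, "more_body": i < len(chunks) - 1}
            for i, c in enumerate(chunks)]
    sent = []
    async def receive(): return msgs.pop(0)
    async def send(m): sent.append(m)
    scope = {"type": "http", "method": "POST", "path": path, "headers": headers}
    asyncio.run(FormatEndpointGuard(app, max_body=1024)(scope, receive, send))
    return sent[0]["status"]
```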