Vulnerability Details CVE-2024-7983
In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until the conversion is complete.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.8%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2024-7983
-
cpe:2.3:a:openwebui:open_webui:0.3.8