Safety vulnerability ID: 76243
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of the open-webui package are vulnerable to Arbitrary File Overwrite due to improper input validation of user-supplied filenames. The /models/upload endpoint constructs file paths using file_path = f"{UPLOAD_DIR}/{file.filename}" without sanitizing the file.filename parameter, allowing directory traversal sequences to escape the intended upload directory. An attacker can exploit this vulnerability by crafting malicious filenames containing path traversal sequences to overwrite arbitrary files on the system, potentially modifying system binaries, configuration files, or sensitive data to achieve remote code execution.
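Added example, not Open WebUI's code or its actual fix: the path construction quoted above next to a hardened variant that keeps only the final filename component and then verifies the resolved path is still inside the upload directory. The UPLOAD_DIR value, the function names and the sample filenames are assumptions constructed for illustration.

```python
import os
from pathlib import Path

UPLOAD_DIR = "/srv/app/uploads"  # assumed location, not taken from the advisory


def vulnerable_path(filename: str, upload_dir: str = UPLOAD_DIR) -> str:
    """The construction quoted in the advisory: the filename is used verbatim."""
    return f"{upload_dir}/{filename}"


def escapes_upload_dir(path: str, upload_dir: str = UPLOAD_DIR) -> bool:
    """True when the normalized path lands outside upload_dir."""
    base = os.path.realpath(upload_dir)
    target = os.path.realpath(path)
    return os.path.commonpath([base, target]) != base


def safe_upload_path(filename: str, upload_dir: str = UPLOAD_DIR) -> Path:
    """Hardened variant: drop directory components, then check containment."""
    # Treat backslashes as separators too, so Windows-style names are reduced.
    name = os.path.basename(filename.replace("\\", "/"))
    if name in ("", ".", "..") or "\x00" in name:
        raise ValueError(f"rejected upload filename: {filename!r}")
    base = Path(upload_dir).resolve()
    target = (base / name).resolve()
    # Defense in depth: the resolved target must sit below the upload directory.
    if base not in target.parents:
        raise ValueError(f"rejected upload filename: {filename!r}")
    return target


if __name__ == "__main__":
    # Constructed sample filenames, as a client could send them in an upload.
    for sample in ("model.gguf", "../../outside.txt", "sub/dir/model.gguf", ".."):
        raw = vulnerable_path(sample)
        print(f"{sample!r}: unsanitized -> {raw} (escapes: {escapes_upload_dir(raw)})")
        try:
            print(f"    hardened   -> {safe_upload_path(sample)}")
        except ValueError as exc:
            print(f"    hardened   -> {exc}")
```
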
Latest version: 0.6.31
Open WebUI