admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 13:36:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-98xx/CVE-2024-9840.json
cad-safe-bot 45c9d5d76c Auto-Update: 2025-03-23T03:00:20.104511+00:00
2025-03-23 03:03:54 +00:00

60 lines
2.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-9840",
"sourceIdentifier": "security@huntr.dev",
"published": "2025-03-20T10:15:50.057",
"lastModified": "2025-03-20T10:15:50.057",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service (DoS) vulnerability exists in open-webui/open-webui version 0.3.21. This vulnerability affects multiple endpoints, including `/ollama/models/upload`, `/audio/api/v1/transcriptions`, and `/rag/api/v1/doc`. The application processes multipart boundaries without authentication, leading to resource exhaustion. By appending additional characters to the multipart boundary, an attacker can cause the server to parse each byte of the boundary, ultimately leading to service unavailability. This vulnerability can be exploited remotely, resulting in high CPU and memory usage, and rendering the service inaccessible to legitimate users."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en open-webui/open-webui versi\u00f3n 0.3.21. Esta vulnerabilidad afecta a varios endpoints, incluyendo `/ollama/models/upload`, `/audio/api/v1/transcriptions` y `/rag/api/v1/doc`. La aplicaci\u00f3n procesa los l\u00edmites multiparte sin autenticaci\u00f3n, lo que provoca el agotamiento de recursos. Al a\u00f1adir caracteres adicionales al l\u00edmite multiparte, un atacante puede hacer que el servidor analice cada byte del l\u00edmite, lo que finalmente provoca la indisponibilidad del servicio. Esta vulnerabilidad puede explotarse remotamente, lo que resulta en un alto consumo de CPU y memoria, y hace que el servicio sea inaccesible para usuarios leg\u00edtimos."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/9178f09e-4d4f-4a5b-bc32-cada7445b03c",
"source": "security@huntr.dev"
}
]
}
Reference in New Issue View Git Blame Copy Permalink