Security Advisory

CVE-2024-7983

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-20 10:10:35

Last updated 2025-10-15 12:49:52

Assigner @huntr_ai

State PUBLISHED

Description

In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until the conversion is complete.

← Browse all CVEs View on cve.org ↗