
CVE-2024-7983: Denial of Service in open-webui/open-webui

7.5 CVSS

Description

In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until the conversion is complete.

Classification

CVE ID: CVE-2024-7983

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem Types

CWE-400 Uncontrolled Resource Consumption

Affected Products

Vendor: open-webui

Product: open-webui/open-webui

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 26.98% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-18 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-7983
https://huntr.com/bounties/f8156ca5-1328-480f-a72b-8d3dfdad87dc
