CVE-2024-7983
Published 2025-03-20
Priority P3 · 40 · high · 7.5 CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.81% (52.3th percentile)
In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until the conversion is complete.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-webui | open-webui | 0 – 0.3.8 | — |
| open-webui | open-webui_open-webui | unspecified – latest | — |
| openwebui | open_webui | — | — |
OSV
Open WebUI denial of service through endpoint for converting markdown
osv·2025-03-20
CVE-2024-7983 [HIGH] Open WebUI denial of service through endpoint for converting markdown
GHSA
Open WebUI denial of service through endpoint for converting markdown
ghsa·2025-03-20
CVE-2024-7983 [HIGH] CWE-400 Open WebUI denial of service through endpoint for converting markdown
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-03-20
Published