{"id":"GHSA-x757-hv69-jr45","summary":"Open WebUI has SSRF in /openai/models","details":"The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An authenticated attacker (the CVSS vector records PR:L, i.e. a low-privileged account is required) can change the configured OpenAI URL to an arbitrary URL without any validation, causing the server to issue a request to that URL and return the response to the attacker. Because the request originates from the server, it can reach internal services that are not directly exposed to the attacker; the original report states that secrets obtained this way (its reference to 'instance secrets' presumably means an instance-metadata service - confirm against the huntr report) could potentially be leveraged into command execution. Note that the CVSS vector scores confidentiality impact only (C:H/I:N/A:N), so that further escalation is not reflected in the severity score. The affected range is recorded with last_affected 0.3.8 rather than a fixed version, so this advisory does not identify a patched release; verify the fix status of later versions independently rather than assuming 0.3.9+ is safe.","aliases":["CVE-2024-7959"],"modified":"2025-03-21T21:45:28.566403Z","published":"2025-03-20T12:32:46Z","database_specific":{"nvd_published_at":"2025-03-20T10:15:38Z","github_reviewed":true,"cwe_ids":["CWE-918"],"github_reviewed_at":"2025-03-21T21:16:29Z","severity":"HIGH"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7959"},{"type":"PACKAGE","url":"https://github.com/open-webui/open-webui"},{"type":"WEB","url":"https://huntr.com/bounties/3c8bea0a-d678-4d67-bb9c-2b5b610a2193"}],"affected":[{"package":{"name":"open-webui","ecosystem":"PyPI","purl":"pkg:pypi/open-webui"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"0.3.8"}]}],"versions":["0.1.124","0.1.125","0.2.0","0.2.1","0.2.2","0.2.3","0.2.4","0.2.5","0.3.0","0.3.1","0.3.2","0.3.3","0.3.4","0.3.5","0.3.6","0.3.7","0.3.8"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-x757-hv69-jr45/GHSA-x757-hv69-jr45.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}]}