CVE-2024-7959: Open WebUI has SSRF in /openai/models

March 20, 2025 (updated March 21, 2025)

The /openai/models endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the attacker to access internal services and potentially gain command execution by accessing instance secrets.

References

github.com/advisories/GHSA-x757-hv69-jr45
github.com/open-webui/open-webui
huntr.com/bounties/3c8bea0a-d678-4d67-bb9c-2b5b610a2193
nvd.nist.gov/vuln/detail/CVE-2024-7959

Code Behaviors & Features

Detect and mitigate CVE-2024-7959 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →