AI Threat Alert

GHSA-w466-2wfc-8g58

GHSA-w466-2wfc-8g58 HIGH
Published March 20, 2025

In version 0.3.32 of open-webui, the application uses a vulnerable version of the starlette package through its dependency on fastapi. The starlette package versions <=0.49 are susceptible to...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package Ecosystem Vulnerable Range Patched
open-webui pip <= 0.3.32 No patch

Do you use open-webui? You're affected.

Severity & Risk

CVSS 3.1
7.5 / 10
EPSS
N/A
KEV Status
Not in KEV
Sophistication
N/A

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

In version 0.3.32 of open-webui, the application uses a vulnerable version of the starlette package through its dependency on fastapi. The starlette package versions <=0.49 are susceptible to uncontrolled resource consumption, which can be exploited to cause a denial of service through memory exhaustion. This issue is addressed in fastapi version 0.115.3.

Weaknesses (CWE)

CWE-400 Uncontrolled Resource Consumption Primary

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Timeline

Published
March 20, 2025
Last Modified
April 15, 2025
First Seen
March 24, 2026
Back to Threat Feed