The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the attacker to access internal services and potentially gain command execution by accessing instance secrets.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| open-webui(PyPI) | 0 | N/A | N/A |
CVSS Metrics
