Home > Vulnerability Database > CVE-2024-8053

Mend.io Vulnerability Database

CVE-2024-8053

Date: March 20, 2025

In version v0.3.10 of open-webui/open-webui, the "api/v1/utils/pdf" endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading to server resource exhaustion and denial of service (DoS). Additionally, unauthorized users can misuse the endpoint to generate PDFs without verification, resulting in service misuse and potential operational and financial impacts.

Severity Score

8.2

Related Resources (4)

Url: https://huntr.com/bounties/ebe8c1fa-113b-4df9-be03-a406b9adb9f4

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8053

Url: https://github.com/open-webui/open-webui

Url: https://www.mend.io/vulnerability-database/CVE-2024-8053

Severity Score

8.2

Weakness Type (CWE)

Improper Authentication

CWE-287

Missing Authentication for Critical Function

CWE-306

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8053

Date: March 20, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?