{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T10:37:11.382","vulnerabilities":[{"cve":{"id":"CVE-2024-8053","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:39.993","lastModified":"2025-03-27T11:15:36.737","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In version v0.3.10 of open-webui/open-webui, the `api/v1/utils/pdf` endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading to server resource exhaustion and denial of service (DoS). Additionally, unauthorized users can misuse the endpoint to generate PDFs without verification, resulting in service misuse and potential operational and financial impacts."},{"lang":"es","value":"En la versión v0.3.10 de open-webui/open-webui, el endpoint `api/v1/utils/pdf` carece de mecanismos de autenticación, lo que permite a atacantes no autenticados acceder al servicio de generación de PDF. Esta vulnerabilidad puede explotarse enviando una solicitud POST con una carga excesiva, lo que podría provocar el agotamiento de los recursos del servidor y una denegación de servicio (DoS). Además, usuarios no autorizados pueden usar indebidamente el endpoint para generar PDF sin verificación, lo que resulta en un uso indebido del servicio y posibles impactos operativos y financieros."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openwebui:open_webui:0.3.10:*:*:*:*:*:*:*","matchCriteriaId":"29BD3977-F33C-4BD9-80A5-0D176D4176CE"}]}]}],"references":[{"url":"https://huntr.com/bounties/ebe8c1fa-113b-4df9-be03-a406b9adb9f4","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]},{"url":"https://huntr.com/bounties/ebe8c1fa-113b-4df9-be03-a406b9adb9f4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}}]}