Remote Code Execution in OpenWebUI via Arbitrary File Upload

OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint `/audio/api/v1/transcriptions` that allows for arbitrary file upload. The application performs insufficient validation on the `file.content_type` and allows user-controlled filenames, leading to a path traversal vulnerability. This can be exploited by an authenticated user to overwrite critical files within the Docker container, potentially leading to remote code execution as the root user.

N/A

对路径名的限制不恰当(路径遍历)

Open WebUI 代码问题漏洞

Open WebUI是Open WebUI开源的一个可扩展、功能丰富、用户友好的自托管 WebUI。 Open WebUI 0.3.0版本存在代码问题漏洞，该漏洞源于音频API端点/audio/api/v1/transcriptions允许任意文件上传，由于对file.content_type验证不足，可能导致路径遍历和远程代码执行。

N/A

N/A