What is the severity of CVE-2024-12534?

CVE-2024-12534 has been classified with a severity level indicating that it can lead to Denial of Service (DoS) conditions.

How do I fix CVE-2024-12534?

To fix CVE-2024-12534, you should implement character length validation on the email and password fields in the sign-in process.

What causes CVE-2024-12534?

CVE-2024-12534 is caused by the lack of character length validation on user inputs during the sign-in process.

What are the potential impacts of CVE-2024-12534?

The potential impacts of CVE-2024-12534 include service disruptions and Denial of Service attacks due to excessive payload submissions.

Who is affected by CVE-2024-12534?

CVE-2024-12534 affects users of the open-webui application version v0.3.32 or earlier.

Vulnerability/
CVE-2024-12534

high

7.5

CWE

400

20/3/2025

21/3/2025

CVE-2024-12534: Denial of Service (DoS) in open-webui/open-webui

First published: Thu Mar 20 2025(Updated: )

In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password fields during the sign-in process due to the lack of character length validation on these inputs. This vulnerability can lead to a Denial of Service (DoS) condition when a user submits excessively large strings, exhausting server resources such as CPU, memory, and disk space, and rendering the service unavailable for legitimate users. This makes the server susceptible to resource exhaustion attacks without requiring authentication.

Credit: security@huntr.dev

Affected Software	Affected Version	How to fix
open-webui
npm/open-webui	<=0.3.32
pip/open-webui	<=0.3.32

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-12534?
CVE-2024-12534 has been classified with a severity level indicating that it can lead to Denial of Service (DoS) conditions.
How do I fix CVE-2024-12534?
To fix CVE-2024-12534, you should implement character length validation on the email and password fields in the sign-in process.
What causes CVE-2024-12534?
CVE-2024-12534 is caused by the lack of character length validation on user inputs during the sign-in process.
What are the potential impacts of CVE-2024-12534?
The potential impacts of CVE-2024-12534 include service disruptions and Denial of Service attacks due to excessive payload submissions.
Who is affected by CVE-2024-12534?
CVE-2024-12534 affects users of the open-webui application version v0.3.32 or earlier.

agent/title
agent/weakness
agent/type
agent/first-publish-date
agent/description
agent/guess-ai
agent/software-canonical-lookup
collector/nvd-api
source/NVD
agent/author
agent/severity
collector/github-advisory-latest
source/GitHub
alias/GHSA-g3mx-83mp-3rwc
alias/CVE-2024-12534
collector/nvd-cve
agent/references
agent/source
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/event
collector/mitre-cve
source/MITRE
collector/github-advisory
vendor/open-webui
canonical/open-webui
package-manager/npm
package-manager/pip

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.