## https://sploitus.com/exploit?id=9065A75B-1453-5558-A3D3-67341E3FACF0
# CVE-2024-12537 Open WebUI Code Format DoS Lab
This repository contains a local, isolated reproduction lab and nuclei template candidate for `CVE-2024-12537`, an unauthenticated denial-of-service vulnerability in Open WebUI's code formatting endpoint.
The lab does not send large denial-of-service payloads. It validates the nuclei detection logic through Open WebUI's unauthenticated `/api/version` fingerprint endpoint and a minimal `{"code":"x"}` request to `/api/v1/utils/code/format`, then compares a vulnerable version with a patched/newer version.
## Summary
- Product: `open-webui/open-webui`
- Vulnerability: Unauthenticated uncontrolled resource consumption / denial of service
- CVE: `CVE-2024-12537`
- GHSA: `GHSA-chf7-q7m5-fq92`
- Affected endpoint: `POST /api/v1/utils/code/format`
- Fingerprint endpoint used by this lab: `GET /api/version`
- Vulnerable version validated: `v0.5.10`
- Patched/newer version validated: `v0.6.14`
- Nuclei cutoff used here: `< 0.5.14` for the unauthenticated threat model
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-12537
- https://github.com/advisories/GHSA-chf7-q7m5-fq92
- https://huntr.com/bounties/edabd06c-acc0-428c-a481-271f333755bc
## Files
- `docker-compose.yml`: starts Open WebUI with a selectable Docker tag
- `verify-cve-2024-12537.sh`: waits for readiness, prints `/api/version`, and runs nuclei when available
- `nuclei/CVE-2024-12537.yaml`: nuclei template candidate
## Requirements
- Docker Engine or Docker Desktop
- `curl`
- Optional: `nuclei`
Run this only in a local isolated lab. Do not use these commands against third-party systems. Use only against systems you own or have explicit written authorization to test.
## Reproduce Vulnerable-Version Detection
Start Open WebUI `v0.5.10`:
```bash
WEBUI_TAG=v0.5.10 docker compose up -d
```
Run the verification script:
```bash
sh verify-cve-2024-12537.sh
```
Observed vulnerable-version response:
```http
HTTP/1.1 200 OK
content-type: application/json
{"version":"0.5.10"}
```
Observed vulnerable-version nuclei output:
```text
[CVE-2024-12537:dsl-1] [http] [high] http://127.0.0.1:3010/api/v1/utils/code/format ["0.5.10"]
```
Clean up:
```bash
docker compose down -v
```
## Reproduce Patched/Newer-Version Control
Start Open WebUI `v0.6.14`:
```bash
WEBUI_TAG=v0.6.14 docker compose up -d
```
Run the verification script:
```bash
sh verify-cve-2024-12537.sh
```
Observed patched/newer-version response:
```http
HTTP/1.1 200 OK
content-type: application/json
{"version":"0.6.14"}
```
Observed patched/newer-version nuclei output:
```text
No results found
```
Clean up:
```bash
docker compose down -v
```
## Nuclei
Validate the template:
```bash
nuclei -validate -t nuclei/CVE-2024-12537.yaml
```
Run against the local lab:
```bash
nuclei -silent \
-t nuclei/CVE-2024-12537.yaml \
-include-templates nuclei/CVE-2024-12537.yaml \
-u http://127.0.0.1:3010
```
Expected behavior:
- `v0.5.10`: match
- `v0.6.14`: no match
## Notes
- The template intentionally avoids sending a large request body to `/api/v1/utils/code/format`.
- The endpoint proof uses only `{"code":"x"}`, which returned `{"code":"x\n"}` on Docker `v0.5.10` and `{"detail":"Not authenticated"}` on Docker `v0.6.14`.
- The example nuclei command includes `-include-templates` because templates tagged `dos` may be excluded by default.
- Some Open WebUI versions briefly return `curl: (52) Empty reply from server` while the application is still starting. The verification script waits until `/api/version` responds.
- `docker-compose.yml` sets `RAG_EMBEDDING_MODEL=""` and `RAG_EMBEDDING_MODEL_AUTO_UPDATE=False` so the lab does not block on embedding model initialization.
- GitHub Advisory currently lists package affected versions as `<= 0.3.32`; this lab uses the unauthenticated code-path cutoff `< 0.5.14` based on commit tracing. The relevant sequence is `d3d161f72` (no authentication, `v0.5.0`-`v0.5.13`), `2f75eef49` (adds `get_verified_user`, `v0.5.14`+), and `4fe45d443` (hardens to `get_admin_user`, `v0.6.14`+).
- No real-world targets were used.