skip to content
Back to
Home Bounties Research Advisories CodeQL Wall of Fame Get Involved Events
April 18, 2024

GHSL-2024-033: Server-Side Request Forgery (SSRF) in open-webui - CVE-2024-30256

Sylwia Budzynska

Coordinated Disclosure Timeline


Open-webui is vulnerable to authenticated blind server-side request forgery.



Tested Version



Blind SSRF in backend/apps/web/routers/ (GHSL-2024-033)

The download endpoint accepts user input in the url GET parameter, which is later used in the download_file_stream function to send a GET request, which leads to a blind server-side request forgery.

async def download_file_stream(url, file_path, file_name, chunk_size=1024 * 1024):
    done = False

    if os.path.exists(file_path):
        current_size = os.path.getsize(file_path)
        current_size = 0

    headers = {"Range": f"bytes={current_size}-"} if current_size > 0 else {}

    timeout = aiohttp.ClientTimeout(total=600)  # Set the timeout

    async with aiohttp.ClientSession(timeout=timeout) as session:
        async with session.get(url, headers=headers) as response:
            total_size = int(response.headers.get("content-length", 0)) + current_size


This issue allows for sending requests on behalf of open-webui server and can be leveraged to probe for other vulnerabilities on the server itself or on other back-end systems on the internal network, that the open-webui server can reach.



This issue was discovered and reported by GHSL team member @sylwia-budzynska (Sylwia Budzynska). This vulnerability was found with help of CodeQL.


You can contact the GHSL team at, please include a reference to GHSL-2024-033 in any communication regarding this issue.