github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-07 03:18:23 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #7561] CVE-2024-33663 with python-jose requirement vulnerability #14793

New Issue
Closed
opened 2026-04-19 21:04:14 -05:00 by GiteaMirror · 3 comments
GiteaMirror commented 2026-04-19 21:04:14 -05:00
Owner
Copy Link

Originally created by @dmvieira on GitHub (Dec 2, 2024).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/7561

Summary

This is a critical severity security issue opened here.

Details

Latest version of openwebui is using python-jose 3.3.0

PoC

look at requirements.txt or pyproject.toml

Impact

Security scans are blocking it

Originally created by @dmvieira on GitHub (Dec 2, 2024). Original GitHub issue: https://github.com/open-webui/open-webui/issues/7561 ### Summary This is a [critical severity security](https://vuldb.com/?id.262059) issue [opened here](https://github.com/mpdavis/python-jose/issues/346). ### Details Latest version of openwebui is using python-jose 3.3.0 ### PoC look at requirements.txt or pyproject.toml ### Impact Security scans are blocking it
GiteaMirror commented 2026-04-19 21:04:15 -05:00
Author
Owner
Copy Link

@tjbck commented on GitHub (Dec 2, 2024):

I'm pretty sure it's not being used anywhere in the codebase. Confirmation wanted here!

<!-- gh-comment-id:2512632141 --> @tjbck commented on GitHub (Dec 2, 2024): I'm pretty sure it's not being used anywhere in the codebase. Confirmation wanted here!
GiteaMirror commented 2026-04-19 21:04:15 -05:00
Author
Owner
Copy Link

@dmvieira commented on GitHub (Dec 2, 2024):

it's here: https://github.com/search?q=repo%3Aopen-webui%2Fopen-webui%20python-jose&type=code

<!-- gh-comment-id:2512669149 --> @dmvieira commented on GitHub (Dec 2, 2024): it's here: https://github.com/search?q=repo%3Aopen-webui%2Fopen-webui%20python-jose&type=code
GiteaMirror commented 2026-04-19 21:04:16 -05:00
Author
Owner
Copy Link

@tjbck commented on GitHub (Dec 2, 2024):

Yes it's in the requirements, but I believe it's not being used. Confirmation wanted here.

<!-- gh-comment-id:2512687221 --> @tjbck commented on GitHub (Dec 2, 2024): Yes it's in the requirements, but I believe it's not being used. Confirmation wanted here.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#14793
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?