Security vulnerability report - 3rd attempt at contact #574

Closed
opened 2025-11-11 14:26:24 -06:00 by GiteaMirror · 3 comments
Originally created by @KoreLogicSecurityDisclosures on GitHub (Apr 1, 2024).

A member of our team has discovered a vulnerability in one of your products. It is our desire to pursue a course of responsible disclosure of this vulnerability with your cooperation.

We first attempted contact 2024.03.05 via email to support@openwebui.com.

On 2024.03.12 we submitted the discovery details via the GitHub Security 'Report a Vulnerability' feature. On 2024.03.12 we invited @tjbck to our private fork of the open-webui project and issued a Pull Request.

Please review our Vulnerability Disclosure Policy at https://korelogic.com/KoreLogic-Public-Vulnerability-Disclosure-Policy.v2.4.txt.


@justinh-rahb commented on GitHub (Apr 1, 2024):

3 week old account, almost no activity. This smells like bot activity.


@tjbck commented on GitHub (Apr 1, 2024):

Feel free to make a PR directly. Thanks!


@KoreLogicSecurityDisclosures commented on GitHub (Apr 1, 2024):

We initially reported two distinct issues via the GitHub security feature. The PR we have is a suggested mitigation, but it only covers one of the reported issues. In the interest of protecting the OpenWeb-UI user base, we believe it prudent to keep the specifics of the vulnerabilities embargoed until upstream has had an opportunity to implement appropriate mitigations in the source tree. Please contact us using the email address and PGP key provided in the advisories we submitted 2024.03.12 via GitHub.


Reference: github-starred/open-webui#574