Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.11 views

CVE-2026-48545

Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a...

7.6CVSS5.6AI score0.0035EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 3:33 p.m.3 views

GHSA-7HP7-4P35-3CX2 Gradio contains a cookie injection vulnerability

Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a...

7.6CVSS5.9AI score0.0035EPSS
Exploits0References7
NVD
NVD
added 2024/03/27 1:15 a.m.18 views

CVE-2024-2206

An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the /proxy route. Attackers can exploit this vulnerability by manipulating the self.replicaurls set through the X-Direct-Url header in requests to the / and /config routes, allowing the...

7.3CVSS7.1AI score0.00421EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.5 views

PT-2024-19175

Name of the Vulnerable Software and Affected Versions gradio-app/gradio affected versions not specified Description A vulnerability exists due to insufficient validation of user-supplied URLs in the "/proxy" route. Attackers can exploit this by manipulating the self.replica urls set through the...

7.3CVSS7.2AI score0.00421EPSS
Exploits1References13
Rows per page
Query Builder