4 matches found
CVE-2026-48545
Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a...
GHSA-7HP7-4P35-3CX2 Gradio contains a cookie injection vulnerability
Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a...
CVE-2024-2206
An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the /proxy route. Attackers can exploit this vulnerability by manipulating the self.replicaurls set through the X-Direct-Url header in requests to the / and /config routes, allowing the...
PT-2024-19175
Name of the Vulnerable Software and Affected Versions gradio-app/gradio affected versions not specified Description A vulnerability exists due to insufficient validation of user-supplied URLs in the "/proxy" route. Attackers can exploit this by manipulating the self.replica urls set through the...