Lucene search
+L

74 matches found

Veracode
Veracode
added 2024/10/16 10:57 a.m.6 views

Server-Side Request Forgery (SSRF)

Gradio is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to SSRF in the /queue/join endpoint, allowing attackers to exploit the asyncsaveurltocache function to make HTTP requests to user-controlled URLs. This can enable attackers to target internal servers, exfiltrate...

9.8CVSS6.7AI score0.00476EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/10/10 10:15 p.m.9 views

PYSEC-2024-215

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to Server-Side Request Forgery SSRF in the /queue/join endpoint. Gradio’s asyncsaveurltocache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This...

9.8CVSS9.4AI score0.00476EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/10/10 10:1 p.m.27 views

Gradio vulnerable to SSRF in the path parameter of /queue/join

Impact What kind of vulnerability is it? Who is impacted? This vulnerability relates to Server-Side Request Forgery SSRF in the /queue/join endpoint. Gradio’s asyncsaveurltocache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable...

9.8CVSS6.7AI score0.00476EPSS
Exploits0References4Affected Software1
OwnCloud
OwnCloud
added 2024/09/09 12:0 a.m.26 views

Server-Side Request Forgery in federated sharing API - ownCloud

Server-Side Request Forgery in federated sharing API may allow an unauthenticated attacker to identify internal servers. Furthermore, due to improper timeout handling, the server could be affected by a Denial of Service attack...

5.3CVSS6.8AI score
Exploits0Affected Software1
OSV
OSV
added 2024/06/27 6:45 p.m.10 views

CVE-2024-5885 Server-Side Request Forgery (SSRF) in stangirard/quivr

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery SSRF vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain acces...

8.6CVSS7.2AI score0.00554EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/06/27 12:0 a.m.9 views

PT-2024-37222 · Quivr · Quivr

Name of the Vulnerable Software and Affected Versions: stangirard/quivr version 0.0.236 Description: The application contains a Server-Side Request Forgery SSRF vulnerability due to insufficient controls when crawling a website. This allows an attacker to access applications on the local network,...

8.6CVSS8.5AI score0.00554EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/06/13 2:10 p.m.51 views

CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints

Computer Vision Annotation Tool CVAT is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT...

7.1CVSS0.00347EPSS
Exploits0References2
NVD
NVD
added 2024/06/06 7:16 p.m.23 views

CVE-2024-5186

A Server-Side Request Forgery SSRF vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information. Specifically,...

8.3CVSS0.00344EPSS
Exploits1References1
OSV
OSV
added 2024/06/06 6:30 p.m.57 views

GHSA-973G-55HP-3FRW Server-Side Request Forgery in gradio

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio and was discovered in version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is us...

8.6CVSS8.3AI score0.37366EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/06/06 6:30 p.m.23 views

Server-Side Request Forgery in gradio

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio and was discovered in version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is us...

8.6CVSS8.3AI score0.37366EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/06/06 6:19 p.m.79 views

CVE-2024-5186

CVE-2024-5186 concerns an SSRF in imartinez/privategpt v0.5.0. The flaw lies in the file upload flow where the attacker can manipulate the request’s path parameter to cause the application to perform arbitrary requests to internal services, including the AWS metadata endpoint. Documented impact: ...

8.3CVSS7.9AI score0.00344EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/06 5:55 p.m.22 views

CVE-2024-4325 Server-Side Request Forgery (SSRF) in gradio-app/gradio

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

8.6CVSS6.7AI score0.37366EPSS
Exploits1References1
CVE
CVE
added 2024/06/06 5:55 p.m.104 views

CVE-2024-4325

Gradio SSRF (CVE-2024-4325) affects gradio-app/gradio v4.21.0, vulnerable at /queue/join and the save_url_to_cache path handling. User-supplied path is used to fetch URLs without adequate validation, enabling potential access to internal services and AWS metadata endpoints. Remediation: upgrade t...

8.6CVSS8.3AI score0.37366EPSS
In wildExploits1References1Affected Software1
OSV
OSV
added 2024/05/16 9:33 a.m.5 views

GHSA-CQH9-JFQR-H9JJ Withdrawn Advisory: Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability

Withdrawn Advisory This advisory has been withdrawn because the underlying issue existed in Weights and Biases's backend server code, not the software development kit included in the wandb PyPI package, as originally reported. This link is maintained to preserve external references. Original...

7.7CVSS6.4AI score
Exploits0References4
CVE
CVE
added 2024/05/16 9:3 a.m.7280 views

CVE-2024-4642

CVE-2024-4642 is described in connected advisories as a Server-Side Request Forgery (SSRF) in the wandb/wandb repository, caused by improper handling of HTTP redirects (HTTP 302). The issue could allow team members with access to the Webhooks settings to reach internal HTTP(S) endpoints, with pot...

6.8AI score
Exploits0
OSV
OSV
added 2024/03/06 10:56 a.m.62 views

BIT-MLFLOW-2023-6974 Server-Side Request Forgery (SSRF)

A malicious user could use this issue to access internal HTTPs servers and in the worst case ie: aws instance it could be abuse to get a remote code execution on the victim machine...

9.8CVSS9.4AI score0.01507EPSS
Exploits1References3
OSV
OSV
added 2024/01/31 6:4 p.m.22 views

GHSA-P59W-9GQW-WJ8R Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections

Introduction This write-up describes a vulnerability found in Label Studio, a popular open source data labeling tool. The vulnerability affects all versions of Label Studio prior to 1.11.0 and was tested on version 1.8.2. Overview Label Studio's SSRF protections that can be enabled by setting the...

5.3CVSS5.3AI score0.00737EPSS
Exploits1References9
OSV
OSV
added 2023/12/20 6:30 a.m.41 views

GHSA-59V3-898R-QWHJ MLflow Server-Side Request Forgery (SSRF)

A malicious user could use this issue to access internal HTTPs servers and in the worst case ie: aws instance it could be abused to get a remote code execution on the victim machine...

9.8CVSS6.4AI score0.01507EPSS
Exploits1References4
NVD
NVD
added 2023/12/20 6:15 a.m.27 views

CVE-2023-6974

A malicious user could use this issue to access internal HTTPs servers and in the worst case ie: aws instance it could be abuse to get a remote code execution on the victim machine...

9.8CVSS0.01507EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/12/20 5:25 a.m.33 views

CVE-2023-6974 Server-Side Request Forgery (SSRF)

A malicious user could use this issue to access internal HTTPs servers and in the worst case ie: aws instance it could be abuse to get a remote code execution on the victim machine...

8.6CVSS10AI score0.01507EPSS
Exploits1References2
Rows per page
Query Builder