PYSEC-2024-196
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to CORS origin validation, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio...
PT-2024-18255 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: gradio versions prior to 4.19.2
Description: A Cross-Site Request Forgery (CSRF) issue allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an...