3 matches found
anomalib-orobix (>=0.7.0.dev134 <=0.7.0.dev143), cradle-app (>=0.1.0 <=0.1.1) +8 more potentially affected by CVE-2023-25823 via gradio (>=1.7.7 <=3.11.0)
gradio PYPI version =1.7.7, =0.7.0.dev134, =0.1.0, =0.0.1, =2.0.0rc3, =1.7.1, =0.3.0, =1.3.1, =2.2.0, =2.5.2, =3.0.0b0 Source cves: CVE-2023-25823 Source advisory: OSV:PYSEC-2023-16...
CVE-2023-25823 Gradio contains Use of Hard-coded Credentials
Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links i.e. creating a Gradio app and then setting share=True, a private SSH key is sent to any...
CVE-2023-25823
Gradio (Python library) is affected by CVE-2023-25823 in versions prior to 3.13.1, where using share links (share=True) causes a private SSH key to be sent to connected users. This can let an attacker access other users’ shared Gradio demos and, depending on exposure, perform further exploits. Th...