Lucene search
K

5 matches found

CVE
CVE
added 2024/03/29 4:35 a.m.100 views

CVE-2024-1729

The CVE-2024-1729 entry concerns a timing-attack vulnerability in gradio-app/gradio, specifically in the login workflow (routes.py) where credentials are validated with a direct comparison (app.auth[username] == password). This timing discrepancy can allow an attacker to guess valid credentials b...

5.9CVSS5.7AI score0.00497EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/03/29 4:35 a.m.26 views

CVE-2024-1729 Timing Attack Vulnerability in gradio-app/gradio

A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation app.authusername == password to validate user credentials, which can be exploited to guess password...

5.9CVSS6AI score0.00497EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/03/29 4:35 a.m.15 views

CVE-2024-1729 Timing Attack Vulnerability in gradio-app/gradio

A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation app.authusername == password to validate user credentials, which can be exploited to guess password...

5.9CVSS7AI score0.00497EPSS
Exploits1References2
OSV
OSV
added 2024/03/29 4:35 a.m.19 views

CVE-2024-1729 Timing Attack Vulnerability in gradio-app/gradio

A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation app.authusername == password to validate user credentials, which can be exploited to guess password...

5.9CVSS6.3AI score0.00497EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2024/02/22 10:9 p.m.6 views

academic-chatgpt (>=0.3.0 <=0.4.1), agentverse (>=0.1.5 <=0.1.8.1) +121 more potentially affected by CVE-2024-1729 via gradio (>=1.7.7 <=4.19.1)

gradio PYPI version =1.7.7, =0.3.0, =0.1.5, =0.0.17, =0.0.2, =0.8.11, =0.7.0.dev134, =0.1.0rc1, =0.0.0, =0.6.14, =0.7.63 and more Source cves: CVE-2024-1729 Source advisory: OSV:GHSA-HMX6-R76C-85G9...

5.9CVSS6.2AI score0.00497EPSS
Exploits1
Rows per page
Query Builder