2 matches found
academic-chatgpt (>=0.3.0 <=0.4.1), agentverse (>=0.1.5 <=0.1.8.1) +118 more potentially affected by CVE-2024-2206 via gradio (>=1.7.7 <=4.16.0)
gradio PYPI version =1.7.7, =0.3.0, =0.1.5, =0.0.2, =0.8.11, =0.7.0.dev134, =0.1.0rc1, =0.0.0, =0.6.14, =0.7.63 - axolotl =0.5.0 and more Source cves: CVE-2024-2206 Source advisory: OSV:GHSA-R364-M2J9-MF4H...
CVE-2024-2206 SSRF Vulnerability in gradio-app/gradio
An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the /proxy route. Attackers can exploit this vulnerability by manipulating the self.replicaurls set through the X-Direct-Url header in requests to the / and /config routes, allowing the...