2 matches found
CVE-2024-4254
The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which is unsafe as it...
CVE-2024-4254
CVE-2024-4254 — gradio-app/gradio : The main branch deploy-website.yml workflow is vulnerable to secrets exfiltration due to improper authorization. The workflow explicitly checks out and executes code from a fork, enabling untrusted code to run in an environment with push access to the base repo...