3 matches found
academic-chatgpt (>=0.3.0 <=0.4.1), africanwhisper (>=0.2.1 <=0.9.0) +316 more potentially affected by CVE-2024-47872 via gradio (>=1.7.7 <=4.8.0)
gradio PYPI version =1.7.7, =0.3.0, =0.2.1, =0.1.5, =0.0.6, =0.0.2, =0.1.0, =0.8.11, =0.4.0, =0.0.4, =0.7.0.dev134, =0.7.0.dev143 - anymodality =0.1.0 - apillava =0.1.0 and more Source cves: CVE-2024-47872 Source advisory: OSV:PYSEC-2024-220...
CVE-2024-47872 Cross-site Scripting on Gradio server via upload of HTML files, JS files, or SVG files
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting XSS on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...
academic-chatgpt (>=0.3.0 <=0.4.1), africanwhisper (>=0.2.1 <=0.9.0) +316 more potentially affected by CVE-2024-47872 via gradio (>=1.7.7 <=4.8.0)
gradio PYPI version =1.7.7, =0.3.0, =0.2.1, =0.1.5, =0.0.6, =0.0.2, =0.1.0, =0.8.11, =0.4.0, =0.0.4, =0.7.0.dev134, =0.7.0.dev143 - anymodality =0.1.0 - apillava =0.1.0 and more Source cves: CVE-2024-47872 Source advisory: OSV:GHSA-GVV6-33J7-884G...