2 matches found
iddm (>=1.1.8b3 <=1.2.3), lazyllm (>=0.3.0 <=0.6.3) potentially affected by CVE-2024-48052 via gradio (>=5.0.0 <=5.0.0b10)
gradio PYPI version =5.0.0, =1.1.8b3, =0.3.0, =0.6.3 Source cves: CVE-2024-48052 Source advisory: SNYK:PYTHON-GRADIO-8342716...
CVE-2024-48052
In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery SSRF vulnerability. The reason is that within the saveurltocache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...