Lucene search
K

7 matches found

OSV
OSV
added 2025/03/20 10:15 a.m.6 views

PYSEC-2025-93

gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue CVE-2024-4941. This vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a speciall...

6.5CVSS6.9AI score0.00669EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:6 a.m.9 views

CVE-2024-4941

A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess function within gradio/components/jsoncomponent.py, where a user-controlled string is parsed as JSON. If the parsed JSON...

7.5CVSS6.4AI score0.0083EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/06/06 6:30 p.m.5 views

academic-chatgpt (>=0.3.0 <=0.4.1), africanwhisper (>=0.2.1 <=0.9.0) +149 more potentially affected by CVE-2024-4941 via gradio (>=1.7.7 <=4.31.0)

gradio PYPI version =1.7.7, =0.3.0, =0.2.1, =0.1.5, =0.0.6, =0.0.2, =0.8.11, =0.4.0, =0.7.0.dev134, =0.1.0rc1, =0.1.0rc2 - aqueduct-llm =0.0.1 and more Source cves: CVE-2024-4941 Source advisory: OSV:GHSA-6V6G-J5FQ-HPVW...

7.5CVSS7AI score0.0083EPSS
Exploits1
Cvelist
Cvelist
added 2024/06/06 5:55 p.m.43 views

CVE-2024-4941 Local File Inclusion in JSON component in gradio-app/gradio

A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess function within gradio/components/jsoncomponent.py, where a user-controlled string is parsed as JSON. If the parsed JSON...

7.5CVSS0.0083EPSS
Exploits1References2
OSV
OSV
added 2024/06/06 5:55 p.m.20 views

CVE-2024-4941 Local File Inclusion in JSON component in gradio-app/gradio

A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess function within gradio/components/jsoncomponent.py, where a user-controlled string is parsed as JSON. If the parsed JSON...

7.5CVSS7.1AI score0.0083EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/06/06 5:55 p.m.13 views

CVE-2024-4941 Local File Inclusion in JSON component in gradio-app/gradio

A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess function within gradio/components/jsoncomponent.py, where a user-controlled string is parsed as JSON. If the parsed JSON...

7.5CVSS6.7AI score0.0083EPSS
Exploits1References2
CVE
CVE
added 2024/06/06 5:55 p.m.84 views

CVE-2024-4941

The CVE-2024-4941 issue affects gradio-app/gradio v4.25, specifically the JSON component. The root cause is improper input validation in gradio/components/json_component.py: a user-controlled string is parsed as JSON in postprocess(), and if a dict contains a path key, processing_utils.move_files...

7.5CVSS7.3AI score0.0083EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder