4 matches found
ace-step (=0.1.0), ambientagi (>=0.1.1 <=0.2.12) +39 more potentially affected by CVE-2025-5320 via gradio (>=5.0.0 <=5.29.1)
gradio PYPI version =5.0.0, =0.1.1, =0.0.1, =1.0.1, =0.1.2, =0.0.5, =0.0.2, =0.1.0, =2.0.0, =1.1.8b3, =1.0.0, =2025.1.24, =0.3.0, =0.6.3 and more Source cves: CVE-2025-5320 Source advisory: OSV:GHSA-WMJH-CPQJ-4V6X...
CVE-2025-5320
A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function isvalidorigin of the component CORS Handler. The manipulation of the argument localhostaliases leads to erweiterte Rechte. It is possible to initiate the attack remotely. The...
CVE-2025-5320
CVE-2025-5320 affects gradio-app/gradio up to version 5.29.1. The vulnerability lies in the CORS Handler’s is_valid_origin function, where manipulating the localhost_aliases argument can lead to an origin validation error and potential privilege escalation. Exploitation is described as remote wit...
CVE-2025-5320 gradio-app gradio CORS is_valid_origin privilege escalation
A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function isvalidorigin of the component CORS Handler. The manipulation of the argument localhostaliases leads to erweiterte Rechte. It is possible to initiate the attack remotely. The...