Lucene search

4 matches found

GitHub Security Blog
• added 2024/11/05 12:31 a.m. • 22 views

gradio Server Side Request Forgery vulnerability

In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery SSRF vulnerability. The reason is that within the saveurltocache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...

6.5 CVSS | 6.9 AI score | 0.00125 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
• added 2024/11/04 12:0 a.m. • 11 views

CVE-2024-48052

In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery SSRF vulnerability. The reason is that within the saveurltocache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...

0.00125 EPSS
Exploits: 1 | References: 2
Vulnrichment
• added 2024/11/04 12:0 a.m. • 13 views

CVE-2024-48052

In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery SSRF vulnerability. The reason is that within the saveurltocache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...

6.7 AI score | 0.00125 EPSS
Exploits: 1 | References: 2
Vulnrichment
• added 2024/10/10 10:18 p.m. • 16 views

CVE-2024-47868 Several components' post-process steps may allow arbitrary file leaks in Gradio

Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...

6.3 CVSS | 6.7 AI score | 0.00201 EPSS
Exploits: 1 | References: 1