9 matches found
CVE-2024-47868
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...
PYSEC-2024-217
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...
CVE-2024-47868 Several components’ post-process steps may allow arbitrary file leaks in Gradio
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...
CVE-2024-47868
CVE-2024-47868 affects Gradio, an open‑source Python library. A data validation vulnerability in post-processing steps can leak arbitrary files via several components that handle file data, including: String to FileData (DownloadButton, Audio, ImageEditor, Video, Model3D, File, UploadButton), Com...
Gradio has several components with post-process steps that allow arbitrary file leaks
Impact: This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected input...
Incorrect calculation of initialBalance in Slingshot.executeTrades()
Handle: daejunpark. Vulnerability details. Impact: The Slingshot.executeTrades incorrectly calculates initialBalance when toToken == nativeToken. It should have been the balance of wrapped native tokens, e.g., WETH, rather than that of native currencies, e.g., Ether. This incorrect behavior introduces...
Informational: Impact of Sudo Vulnerability CVE-2021-3156
Palo Alto Networks Product Security Assurance team has evaluated the Sudo software vulnerability CVE-2021-3156. PAN-OS software, Prisma Cloud compute, and Prisma SD-WAN CloudGenix devices do not include the Sudo program and, therefore, no scenarios required for successful exploitation exist in...
Dissecting the Word vulnerability CVE-2017-0199: have you installed that Microsoft patch? - Vulnerability warning - the black bar safety net
Foreword: Recently, FireEye detected malicious Office RTF documents that use the CVE-2017-0199 vulnerability. Earlier this week FreeBuf also reported the vulnerability: without any need to enable Word macros, opening a malicious RTF document can infect the machine with a malicious program. When the user ope...
HackerOne: HackerOne Integrations Design Issue
Summary: HackerOne Integrations Design Issue. Description (Include Impact): This bug is similar to 170552. The HackerOne Integrations feature is very sensitive and can not be used with just a click, IMHO, or we can say "HackerOne users are a click away from giving to an attacker very sensitive...