Use of Weak Hash

Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Use of Weak Hash via the saveaudiotocache function of the Audio Cache Key Handler component. Different audio outputs with identical samples therefore...

EUVD-2024-29344

Malicious code in bioql PyPI...

EUVD-2023-0088

Malicious code in bioql PyPI...

CVE-2024-31462

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...

Regular Expression Denial of Service (ReDoS)

Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the gr.Datetime component. An attacker can cause the server to consume excessive CPU resources and...

Origin Validation Error

Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Origin Validation Error due to the CustomCORSMiddleware class. An attacker can make unauthorized requests and potentially access sensitive data...

Gradio 输入验证错误漏洞

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from an input validation error vulnerability that stems from the presence of a server-side request forgery vulnerability that allows an attacker to scan an...

CVE-2024-31462

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...

CVE-2024-31462 Limited file write in Stable-diffusion-webui - GHSL-2024-010

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...

CVE-2024-31462

The CVE-2024-31462 entry concerns stable-diffusion-webui (v1.7.0) with a limited file write vulnerability. The root cause is in the create_ui function (Backup/Restore tab) within modules/ui_extensions.py, where user input is captured into config_save_name and later used to form a file path that i...

CVE-2024-31462 Limited file write in Stable-diffusion-webui - GHSL-2024-010

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The createui method Backup/Restore tab in modules/uiextensions.py takes user input into the configsavenam...