5 matches found
CVE-2023-6572
Command Injection in GitHub repository gradio-app/gradio prior to main...
CVE-2024-4941 Local File Inclusion in JSON component in gradio-app/gradio
A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess function within gradio/components/jsoncomponent.py, where a user-controlled string is parsed as JSON. If the parsed JSON...
CVE-2024-1729 Timing Attack Vulnerability in gradio-app/gradio
A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation app.authusername == password to validate user credentials, which can be exploited to guess password...
CVE-2024-1727 CSRF Vulnerability in gradio-app/gradio
A Cross-Site Request Forgery CSRF vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an attacker can deplete...
PYSEC-2023-255
Command Injection in GitHub repository gradio-app/gradio prior to main...