2 matches found
GHSA-3C67-5HWX-F6WX Gradios's CORS origin validation is not performed when the request has a cookie
Impact What kind of vulnerability is it? Who is impacted? This vulnerability is related to CORS origin validation, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests to a local Gradio server...
CVE-2024-1540 Command Injection in gradio-app/gradio via deploy+test-visual.yml workflow
A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper neutralization of special elements used in a command. This vulnerability allows attackers to execute unauthorized commands, potentially leading to unauthorized...