2 matches found
CVE-2024-25737
A Server-Side Request Forgery SSRF vulnerability in the /Cover/Show route showAction in CoverController.php in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting XSS attacks by proxying arbitrary URL...
Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs
Impact There are two separate security vulnerabilities here: 1 a security vulnerability that allows users to read arbitrary files on the machines that are running shared Gradio apps 2 the ability of users to use machines that are sharing Gradio apps to proxy arbitrary URLs Patches Both problems...