Lucene search
K

7 matches found

SUSE CVE
SUSE CVE
added 2024/10/12 2:48 a.m.4 views

SUSE CVE-2024-47084

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to CORS origin validation, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker's website to make unauthorized requests to a local Gradio...

8.3CVSS6.7AI score0.00484EPSS
Exploits0References3
PyPA
PyPA
added 2024/10/10 11:15 p.m.16 views

PYSEC-2024-219

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves insecure communication between the FRP Fast Reverse Proxy client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and rea...

9.1CVSS6.8AI score0.00172EPSS
Exploits0References1Affected Software1
PyPA
PyPA
added 2024/10/10 11:15 p.m.6 views

PYSEC-2024-220

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting XSS on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...

6.9CVSS6.5AI score0.00252EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/10/10 11:15 p.m.9 views

PYSEC-2024-218

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a race condition in the updaterootinconfig function, allowing an attacker to modify the root URL used by the Gradio frontend to communicate with the backend. By exploiting this flaw, an attacker ca...

8.1CVSS8AI score0.00359EPSS
Exploits0References1
PyPA
PyPA
added 2024/10/10 11:15 p.m.8 views

PYSEC-2024-199

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a timing attack in the way Gradio compares hashes for the analyticsdashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response ti...

3.7CVSS6.7AI score0.00285EPSS
Exploits0References1Affected Software1
PyPA
PyPA
added 2024/10/10 10:15 p.m.9 views

PYSEC-2024-214

Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to CORS origin validation accepting a null origin. When a Gradio server is deployed locally, the localhostaliases variable includes "null" as a valid origin. This allows attackers to make unauthoriz...

6.9CVSS6.8AI score0.00274EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/10 12:0 a.m.5 views

PT-2024-32398

Name of the Vulnerable Software and Affected Versions Gradio versions prior to 4.44 Description This issue is related to CORS origin validation, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker’s website to make unauthorized requests t...

8.3CVSS5.8AI score0.00484EPSS
Exploits0References18
Rows per page
Query Builder