
5 matches found

SUSE CVE
added 2024/11/06 3:50 a.m. | 1 view

SUSE CVE-2024-48052

In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the save_url_to_cache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...

CVSS 6.5 | AI score 6.5 | EPSS 0.00464
Exploits: 1 | References: 3
Snyk
added 2024/11/04 11:46 p.m. | 3 views

Server-side Request Forgery (SSRF)

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to no restrictions on the URL in the save_url_to_cache function. An attacker can access and download local resourc...

CVSS 8.8 | AI score 6.8 | EPSS 0.00464
Exploits: 1 | References: 2
CNNVD
added 2024/10/10 12:0 a.m. | 2 views

Gradio Security Vulnerability

Gradio is an open-source Python library from Hugging Face for demonstrating machine learning models through a friendly web interface. A security vulnerability exists in Gradio that stems from its async_save_url_to_cache function, which allows an attacker to force the Gradio...

CVSS 9.8 | AI score 6.5 | EPSS 0.00463
Exploits: 0 | References: 2
Mageia
added 2013/07/21 9:25 a.m. | 31 views

Updated python-suds package fixes security vulnerability

An insecure temporary directory use flaw was found in the way python-suds performed initialization of its internal file-based URL cache: a predictable location was used for the directory that stores the cached files. A local attacker could use this flaw to conduct symbolic link attacks, possibly leading to...

CVSS 1.2 | AI score 1.4 | EPSS 0.0054
Exploits: 0 | References: 2
Check Point Advisories
added 2008/12/09 12:0 a.m. | 3 views

Internet Explorer URL Cache Memory Corruption (MS08-073; CVE-2008-4260)

Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in the way Microsoft Internet Explorer accesses an object that has been deleted. The vulnerability is due to a memory corruption error in Internet Explorer when it attempt...

CVSS 8.5 | AI score 7.3 | EPSS 0.19384
Exploits: 0