
CVE-2024-39236
https://notcve.org/view.php?id=CVE-2024-39236
01 Jul 2024 — Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.
Reference: https://github.com/Aaron911/PoC/blob/main/Gradio.md
CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-4940 – Open Redirect in gradio-app/gradio
https://notcve.org/view.php?id=CVE-2024-4940
22 Jun 2024 — An open redirect vulnerability exists in gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others. This issue is due to improper validation of user-supplied input in the handling of URLs. Attackers can exploit this vulnerability by crafting a malicious URL that, when processed by the application, redirects the us...
Reference: https://huntr.com/bounties/35aaea93-6895-4f03-9c1b-cd992665aa60
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2024-4325 – Server-Side Request Forgery (SSRF) in gradio-app/gradio
https://notcve.org/view.php?id=CVE-2024-4325
06 Jun 2024 — A Server-Side Request Forgery (SSRF) vulnerability exists in gradio-app/gradio version 4.21.0, specifically within the `/queue/join` endpoint and the `save_url_to_cache` function. The vulnerability arises when the `path` value, obtained from the user and expected to be a URL, is used to make an HTTP request without sufficient validation checks. This flaw allows an attacker to send crafted requests that could lead to unauthorized access to the local network or the AWS metadata endpoint, thereby compromis...
Reference: https://huntr.com/bounties/b34f084b-7d14-4f00-bc10-048a3a5aaf88
CWE-918: Server-Side Request Forgery (SSRF)

CVE-2024-4941 – Local File Inclusion in JSON component in gradio-app/gradio
https://notcve.org/view.php?id=CVE-2024-4941
06 Jun 2024 — A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the `postprocess()` function within `gradio/components/json_component.py`, where a user-controlled string is parsed as JSON. If the parsed JSON object contains a `path` key, the specified file is moved to a temporary directory, making it possible to retrieve it later via the `/file=..` endpoint. This issue is due to the `processing_utils.move_files_t...
Reference: https://github.com/gradio-app/gradio/commit/ee1e2942e0a1ae84a08a05464e41c8108a03fa9c
CWE-20: Improper Input Validation

CVE-2024-4254 – Secrets Exfiltration in gradio-app/gradio
https://notcve.org/view.php?id=CVE-2024-4254
04 Jun 2024 — The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which is unsafe as it allows the running of untrusted code in an environment with access to push to the base repository and access secrets. This flaw could lead to the exfiltration of sensitive secrets such as GITHUB_TOKEN, HF_TOKEN, VERCE...
Reference: https://huntr.com/bounties/59873fbd-5698-4ec3-87f9-5d70c6055d01
CWE-285: Improper Authorization

CVE-2024-4253 – Command Injection in gradio-app/gradio
https://notcve.org/view.php?id=CVE-2024-4253
04 Jun 2024 — A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or secrets exfiltration. The issue affects versions up to and including '@gradio/video@0.6.12'. The flaw is present in the workflow's handling of GitHub context information, where it echoes the full name of the head repos...
Reference: https://github.com/gradio-app/gradio/commit/a0e70366a8a406fdd80abb21e8c88a3c8e682a2b
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2024-1561 – Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio
https://notcve.org/view.php?id=CVE-2024-1561
16 Apr 2024 — An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is...
Reference: https://github.com/DiabloHTB/CVE-2024-1561
CWE-29: Path Traversal: '\..\filename'

CVE-2024-1183 – SSRF Vulnerability in gradio-app/gradio
https://notcve.org/view.php?id=CVE-2024-1183
16 Apr 2024 — An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.
Reference: https://github.com/gradio-app/gradio/commit/2ad3d9e7ec6c8eeea59774265b44f11df7394bb4
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2024-1728 – Local File Inclusion in gradio-app/gradio
https://notcve.org/view.php?id=CVE-2024-1728
10 Apr 2024 — gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the `/queue/join` endpoint. This issue could potentially lead to remote code execution. The vulnerability is present in the handling of file upload paths, allowing attackers to redirect file uploads to...
Reference: https://github.com/yuanmeng-MINGI/CVE-2024-1728
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2024-1729 – Timing Attack Vulnerability in gradio-app/gradio
https://notcve.org/view.php?id=CVE-2024-1729
29 Mar 2024 — A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (`app.auth[username] == password`) to validate user credentials, which can be exploited to guess passwords based on response times. Successful exploitation of this vulnerability could allow an attacker to bypass authentication mechanisms and gain unauthorized access.
Reference: https://github.com/gradio-app/gradio/commit/e329f1fd38935213fe0e73962e8cbd5d3af6e87b
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition