VYPR

Gradio

by Gradio App

pypi: gradio

Source repositories

CVEs (48)

  • CVE-2024-4253Jun 4, 2024
    risk 0.00cvss epss 0.02

    A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base…

  • CVE-2024-1561Apr 16, 2024
    risk 0.00cvss epss 0.09

    An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block`…

  • CVE-2024-1183Apr 16, 2024
    risk 0.00cvss epss 0.02

    An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal…

  • CVE-2024-1728Apr 10, 2024
    risk 0.00cvss epss 0.85

    gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating…

  • CVE-2024-1729Mar 29, 2024
    risk 0.00cvss epss 0.01

    A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (`app.auth[username] == password`) to validate user credentials, which can be…

  • CVE-2024-1540Mar 27, 2024
    risk 0.00cvss epss 0.02

    A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper neutralization of special elements used in a command. This vulnerability allows attackers to execute unauthorized commands, potentially leading to…

  • CVE-2024-2206Mar 27, 2024
    risk 0.00cvss epss 0.00

    An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Attackers can exploit this vulnerability by manipulating the `self.replica_urls` set through the `X-Direct-Url` header in requests to the `/` and…

  • CVE-2024-1727Mar 21, 2024
    risk 0.00cvss epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an…

Page 3 of 3