CVE-2024-4325
- EPSS 37.37%
- Published 06.06.2024 18:15:18
- Last modified 21.11.2024 09:42:37
A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the `/queue/join` endpoint and the `save_url_to_cache` function. The vulnerability arises when the `path` value, obtained from the ...
CVE-2024-4254
- EPSS 0.47%
- Published 04.06.2024 12:15:13
- Last modified 15.10.2025 13:15:44
The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and executio...
CVE-2024-4253
- EPSS 1.69%
- Published 04.06.2024 08:15:10
- Last modified 15.10.2025 13:15:44
A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthor...
CVE-2024-34510
- EPSS 0.57%
- Published 05.05.2024 20:15:07
- Last modified 17.06.2025 16:31:24
Gradio before 4.20 allows credential leakage on Windows.
CVE-2024-1561
- EPSS 9.24%
- Published 16.04.2024 00:15:08
- Last modified 30.07.2025 14:48:04
An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cac...
CVE-2024-1183
- EPSS 1.78%
- Published 16.04.2024 00:15:07
- Last modified 29.07.2025 19:03:21
An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can disc...
CVE-2024-1728
- EPSS 85.39%
- Published 10.04.2024 17:15:53
- Last modified 30.07.2025 14:51:22
gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as priva...
CVE-2024-1729
- EPSS 0.5%
- Published 29.03.2024 05:15:45
- Last modified 30.07.2025 12:43:07
A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (`app.auth[username] == password`) to validate user ...
CVE-2024-1540
- EPSS 1.98%
- Published 27.03.2024 16:15:09
- Last modified 30.07.2025 19:57:13
A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper neutralization of special elements used in a command. This vulnerability allows attackers to execute unauthorized com...
CVE-2024-2206
- EPSS 0.42%
- Published 27.03.2024 01:15:46
- Last modified 29.07.2025 20:24:44
An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Attackers can exploit this vulnerability by manipulating the `self.replica_urls` set through the `X-Direct-Url` header i...