Gradio Project

Gradio

47 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2024-4253

Exploit
  • EPSS 1.9%
  • Veröffentlicht 04.06.2024 08:15:10
  • Zuletzt bearbeitet 15.10.2025 13:15:44

A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthor...

7.5

CVE-2024-34510

  • EPSS 0.09%
  • Veröffentlicht 05.05.2024 20:15:07
  • Zuletzt bearbeitet 17.06.2025 16:31:24

Gradio before 4.20 allows credential leakage on Windows.

7.5

CVE-2024-1561

Exploit
  • EPSS 93.5%
  • Veröffentlicht 16.04.2024 00:15:08
  • Zuletzt bearbeitet 30.07.2025 14:48:04

An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cac...

6.5

CVE-2024-1183

Exploit
  • EPSS 65.67%
  • Veröffentlicht 16.04.2024 00:15:07
  • Zuletzt bearbeitet 29.07.2025 19:03:21

An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can disc...

7.5

CVE-2024-1728

Exploit
  • EPSS 87.95%
  • Veröffentlicht 10.04.2024 17:15:53
  • Zuletzt bearbeitet 30.07.2025 14:51:22

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as priva...

5.9

CVE-2024-1729

Exploit
  • EPSS 0.08%
  • Veröffentlicht 29.03.2024 05:15:45
  • Zuletzt bearbeitet 30.07.2025 12:43:07

A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (`app.auth[username] == password`) to validate user ...

8.2

CVE-2024-1540

Exploit
  • EPSS 0.4%
  • Veröffentlicht 27.03.2024 16:15:09
  • Zuletzt bearbeitet 30.07.2025 19:57:13

A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper neutralization of special elements used in a command. This vulnerability allows attackers to execute unauthorized com...

6.5

CVE-2024-2206

Exploit
  • EPSS 0.13%
  • Veröffentlicht 27.03.2024 01:15:46
  • Zuletzt bearbeitet 29.07.2025 20:24:44

An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Attackers can exploit this vulnerability by manipulating the `self.replica_urls` set through the `X-Direct-Url` header i...

4.3

CVE-2024-1727

Exploit
  • EPSS 0.15%
  • Veröffentlicht 21.03.2024 20:15:07
  • Zuletzt bearbeitet 30.07.2025 20:11:16

A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file uploa...

9.4

CVE-2024-0964

Exploit
  • EPSS 0.15%
  • Veröffentlicht 05.02.2024 23:15:08
  • Zuletzt bearbeitet 21.11.2024 08:47:54

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.