|
309581
|
7.5 |
HIGH
Network
|
gradio_project
|
gradio
|
Gradio is an open-source Python package designed for quick prototyping. This is a **data validation vulnerability** affecting several Gradio components, which allows arbitrary file leaks through the …
|
CWE-22
Path Traversal
|
CVE-2024-47868
|
2024-10-18 02:04 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309582
|
4.3 |
MEDIUM
Network
|
gradio_project
|
gradio
|
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False…
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2024-47168
|
2024-10-18 02:00 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309583
|
3.7 |
LOW
Network
|
gradio_project
|
gradio
|
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **timing attack** in the way Gradio compares hashes for the `analytics_dashboard` function. Since…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2024-47869
|
2024-10-18 01:59 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309584
|
8.1 |
HIGH
Network
|
gradio_project
|
gradio
|
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **race condition** in the `update_root_in_config` function, allowing an attacker to modify the `r…
|
CWE-362
Race Condition
|
CVE-2024-47870
|
2024-10-18 01:57 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309585
|
5.4 |
MEDIUM
Network
|
gradio_project
|
gradio
|
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **Cross-Site Scripting (XSS)** on any Gradio server that allows file uploads. Authenticated users c…
|
CWE-79
Cross-site Scripting
|
CVE-2024-47872
|
2024-10-18 01:54 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309586
|
9.8 |
CRITICAL
Network
|
gradio_project
|
gradio
|
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **Server-Side Request Forgery (SSRF)** in the `/queue/join` endpoint. Gradio’s `async_save_url_to…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-47167
|
2024-10-18 01:53 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309587
|
5.3 |
MEDIUM
Network
|
gradio_project
|
gradio
|
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **one-level read path traversal** in the `/custom_component` endpoint. Attackers can exploit this…
|
CWE-22
Path Traversal
|
CVE-2024-47166
|
2024-10-18 01:48 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309588
|
9.8 |
CRITICAL
Network
|
hdfgroup
|
hdf5
|
HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2024-32608
|
2024-10-18 01:47 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309589
|
5.4 |
MEDIUM
Network
|
gradio_project
|
gradio
|
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **CORS origin validation accepting a null origin**. When a Gradio server is deployed locally, the…
|
NVD-CWE-noinfo
|
CVE-2024-47165
|
2024-10-18 01:46 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309590
|
6.5 |
MEDIUM
Network
|
gradio_project
|
gradio
|
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the **bypass of directory traversal checks** within the `is_in_or_equal` function. This function,…
|
CWE-22
Path Traversal
|
CVE-2024-47164
|
2024-10-18 01:40 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
