Vulnerabilities

CVE-2024-0964

by Fred · 05/02/2024

A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.

More information : https://github.com/gradio-app/gradio/commit/d76bcaaaf0734aaf49a680f94ea9d4d22a602e70

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : NONE
User interaction : NONE
Confidentiality impact : HIGH
Integrity impact : HIGH
Base score : 9.4
Base severity : CRITICAL
Exploitability score : 3.9
Impact score : 5.5

Similar

Tags: Cybersecurity Alert