CVE-2024-1727

CSRF Vulnerability in gradio-app/gradio

CVSS 4.3 MEDIUMEPSS 0.4%CWE-352

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 4.3EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

21 mar 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an attacker can deplete the system's disk space, potentially leading to a denial of service. This issue affects the file upload functionality as implemented in gradio/routes.py.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Produtos afetados

gradio-app · gradio-app/gradio

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/gradio-app/gradio/commit/84802ee6a4806c25287344dce581f9548a99834a https://huntr.com/bounties/a94d55fb-0770-4cbe-9b20-97a978a2ffff