Lucene search
@huntr_aiCVE-2024-0964HistoryFeb 05, 2024 - 11:15 p.m.
CVE-2024-0964
2024-02-0523:15:08
CWE-22
@huntr_ai
web.nvd.nist.gov
21
cve-2024-0964
gradio
file include
vulnerability
json
api
nvd
CVSS3
9.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
AI Score
8
Confidence
High
EPSS
0.001
Percentile
47.3%
A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.
Affected configurations
Node
gradio_projectgradioMatch-python
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gradio_project | gradio | - | cpe:2.3:a:gradio_project:gradio:-:*:*:*:*:python:*:* |
CNA Affected
[
{
"vendor": "gradio-app",
"product": "gradio-app/gradio",
"versions": [
{
"version": "unspecified",
"lessThan": "x",
"status": "affected",
"versionType": "custom"
}
]
}
]Related
osv
osv
Gradio Path Traversal vulnerability
2024-02-06 00:30:28
CVE-2024-0964
2024-02-05 23:15:08
cvelist
cvelist
CVE-2024-0964 LFI in Gradio
2024-02-05 22:53:44
nvd
nvd
CVE-2024-0964
2024-02-05 23:15:08
github
github
Gradio Path Traversal vulnerability
2024-02-06 00:30:28
kitploit
kitploit
veracode
veracode
Path Traversal
2024-02-07 06:07:56
vulnrichment
vulnrichment
CVE-2024-0964 LFI in Gradio
2024-02-05 22:53:44
prion
prion
Cross site request forgery (csrf)
2024-02-05 23:15:00
CVSS3
9.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
AI Score
8
Confidence
High
EPSS
0.001
Percentile
47.3%
Related for CVE-2024-0964