CVE-2024-4940

2024-06-2206:15:11

CWE-601

@huntr_ai

web.nvd.nist.gov

open redirect vulnerability

gradio-app

phishing

xss

ssrf

url validation

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

26.0%

JSON

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others. This issue is due to improper validation of user-supplied input in the handling of URLs. Attackers can exploit this vulnerability by crafting a malicious URL that, when processed by the application, redirects the user to an attacker-controlled web page.

Affected configurations

Vulnrichment

Node

gradio_projectgradioMatch4.36.0python

VendorProductVersionCPE
gradio_projectgradio4.36.0cpe:2.3:a:gradio_project:gradio:4.36.0:*:*:*:*:python:*:*

Vendor	Product	Version	CPE
gradio_project	gradio	4.36.0	cpe:2.3:a:gradio_project:gradio:4.36.0:::::python::

CNA Affected

[
  {
    "vendor": "gradio-app",
    "product": "gradio-app/gradio",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "latest"
      }
    ]
  }
]