Lucene search
GitHub Advisory DatabaseGHSA-F3H9-8PHC-6GVHHistoryFeb 06, 2024 - 12:30 a.m.
Gradio Path Traversal vulnerability
2024-02-0600:30:28
CWE-22
GitHub Advisory Database
github.com
10
gradio
path traversal
remote file include
user-supplied json
api request
CVSS3
9.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
47.3%
A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.
Affected configurations
Node
gradio_projectgradioRange<4.9.0python
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gradio_project | gradio | * | cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:* |
Related
osv
osv
CVE-2024-0964
2024-02-05 23:15:08
Gradio Path Traversal vulnerability
2024-02-06 00:30:28
cvelist
cvelist
CVE-2024-0964 LFI in Gradio
2024-02-05 22:53:44
nvd
nvd
CVE-2024-0964
2024-02-05 23:15:08
kitploit
kitploit
veracode
veracode
Path Traversal
2024-02-07 06:07:56
vulnrichment
vulnrichment
CVE-2024-0964 LFI in Gradio
2024-02-05 22:53:44
cve
cve
CVE-2024-0964
2024-02-05 23:15:08
prion
prion
Cross site request forgery (csrf)
2024-02-05 23:15:00
CVSS3
9.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
47.3%
Related for GHSA-F3H9-8PHC-6GVH