Lucene search

Veracode Vulnerability DatabaseVERACODE:46010

HistoryMar 26, 2024 - 11:21 a.m.

Cross-Site Request Forgery (CSRF)

2024-03-2611:21:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

gradio

csrf

vulnerability

cors

validation

external websites

requests

software

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

gradio is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to inadequate Cross-Origin Resource Sharing (CORS) validation, which allows an external websites to make requests to gradio applications running locally.

References

github.com/advisories/GHSA-3x9g-xfj5-fq84

github.com/gradio-app/gradio/commit/84802ee6a4806c25287344dce581f9548a99834a

huntr.com/bounties/a94d55fb-0770-4cbe-9b20-97a978a2ffff

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for VERACODE:46010