GHSA-34rf-p3r3-58x2

Опубликовано: 05 мая 2024

Источник: github

Github: Прошло ревью

CVSS3: 6.5

Описание

Gradio's Component Server does not properly consider _is_server_fn for functions

Component Server in Gradio before 4.13 does not properly consider _is_server_fn for functions.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2024-34511
https://github.com/gradio-app/gradio/commit/24a583688046867ca8b8b02959c441818bdb34a2
https://www.gradio.app/changelog#4-13-0

Пакеты

Наименование

gradio

pip

Затронутые версииВерсия исправления

< 4.13.0

4.13.0

6.5 Medium

CVSS3

CVE ID

CVE-2024-34511

Связанные уязвимости

CVE-2024-34511

nvd

почти 2 года назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1561. Reason: This candidate is a duplicate of CVE-2024-1561. Notes: All CVE users should reference CVE-2024-1561 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

6.5 Medium

CVSS3

CVE ID

CVE-2024-34511