GHSA-9v2f-6vcg-3hgv

Опубликовано: 01 июл. 2024

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Withdrawn Advisory: Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py

Withdrawn Advisory

This advisory has been withdrawn because the it only affects a user who runs specifically crafted code that happens to use gradio library. More information can be found here.

Original Description

Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input.

Ссылки

Пакеты

Наименование

Gradio

pip

Затронутые версииВерсия исправления

= 4.36.1

Отсутствует

EPSS

Процентиль: 82%

0.01813

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2024-39236

Дефекты

CWE-94

Связанные уязвимости

CVE-2024-39236

CVSS3: 9.8

nvd

больше 1 года назад

Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.

EPSS

Процентиль: 82%

0.01813

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2024-39236

Дефекты

CWE-94