CVE-2024-39236

Опубликовано: 01 июл. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.

Ссылки

https://github.com/Aaron911/PoC/blob/main/Gradio.md
Exploit
Third Party Advisory
https://github.com/advisories/GHSA-9v2f-6vcg-3hgv
Third Party Advisory
https://github.com/gradio-app/gradio/issues/8853
Exploit
Issue Tracking
Vendor Advisory
https://github.com/Aaron911/PoC/blob/main/Gradio.md
Exploit
Third Party Advisory
https://github.com/advisories/GHSA-9v2f-6vcg-3hgv
Third Party Advisory
https://github.com/gradio-app/gradio/issues/8853
Exploit
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gradio_project:gradio:4.36.1:*:*:*:*:python:*:*

EPSS

Процентиль: 82%

0.01813

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-9v2f-6vcg-3hgv