exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 2

CVE-2024-1727

почти 2 года назад

A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an attacker can deplete the system's disk space, potentially leading to a denial of service. This issue affects the file upload functionality as implemented in gradio/routes.py.

CVSS3: 4.3

EPSS: Низкий

GHSA-48cq-79qq-6f7x

больше 1 года назад

Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files

CVSS3: 4.3

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	CVE-2024-1727 A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an attacker can deplete the system's disk space, potentially leading to a denial of service. This issue affects the file upload functionality as implemented in gradio/routes.py.	CVSS3: 4.3	0% Низкий	почти 2 года назад
	GHSA-48cq-79qq-6f7x Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files	CVSS3: 4.3	0% Низкий	больше 1 года назад

Уязвимостей на страницу