CVE-2024-0964
CRITICAL
Published February 5, 2024
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| gradio | pip | — | No patch |
Severity & Risk
CVSS 3.1
9.4 / 10
EPSS
N/A
KEV Status
Not in KEV
Sophistication
N/A
Recommended Action
No patch available
Monitor for updates. Consider compensating controls or temporary mitigations.
Technical Details
NVD Description
A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.
Weaknesses (CWE)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
References
- github.com/gradio-app/gradio/commit/d76bcaaaf0734aaf49a680f94ea9d4d22a602e70 Patch
- huntr.com/bounties/25e25501-5918-429c-8541-88832dfd3741 Exploit 3rd Party
Timeline
Published
February 5, 2024
Last Modified
November 21, 2024
First Seen
February 5, 2024