CVE-2024-1727
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| gradio | pip | — | No patch |
Recommended Action
No patch available
Monitor for updates. Consider compensating controls or temporary mitigations.
Technical Details
NVD Description
A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an attacker can deplete the system's disk space, potentially leading to a denial of service. This issue affects the file upload functionality as implemented in gradio/routes.py.
References
- github.com/gradio-app/gradio/commit/84802ee6a4806c25287344dce581f9548a99834a (Patch)
- huntr.com/bounties/a94d55fb-0770-4cbe-9b20-97a978a2ffff (Exploit, 3rd Party)