| عنوان | gradio <=5.29.1 Cross-Site Request Forgery |
|---|
| الوصف | Gradio's CORS configuration is designed to protect internally deployed applications from attack vectors such as CSRF and data exfiltration attacks originating from external sources. However, the current implementation contains flaws that allow malicious actors to bypass the CORS origin validation, fixed at CVE-2024-47165. This vulnerability can be exploited to steal sensitive data from internally deployed Gradio applications, even when they are intended to be protected against such attacks. |
|---|
| المصدر | ⚠️ https://gist.github.com/superboy-zjc/aa3dfa161d7b19d8a53ab4605792f2fe |
|---|
| المستخدم | Gavin Zhong (UID 84092) |
|---|
| ارسال | 18/05/2025 05:59 PM (11 أشهر منذ) |
|---|
| الاعتدال | 29/05/2025 10:07 AM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 310491 [gradio-app gradio حتى 5.29.1 CORS is_valid_origin localhost_aliases تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|