Submit #580250: gradio <=5.29.1 Cross-Site Request Forgeryinfo

Titelgradio <=5.29.1 Cross-Site Request Forgery
BeschreibungGradio's CORS configuration is designed to protect internally deployed applications from attack vectors such as CSRF and data exfiltration attacks originating from external sources. However, the current implementation contains flaws that allow malicious actors to bypass the CORS origin validation, fixed at CVE-2024-47165. This vulnerability can be exploited to steal sensitive data from internally deployed Gradio applications, even when they are intended to be protected against such attacks.
Quelle⚠️ https://gist.github.com/superboy-zjc/aa3dfa161d7b19d8a53ab4605792f2fe
Benutzer
 Gavin Zhong (UID 84092)
Einreichung18.05.2025 17:59 (vor 11 Monaten)
Moderieren29.05.2025 10:07 (11 days later)
StatusAkzeptiert
VulDB Eintrag310491 [gradio-app gradio bis 5.29.1 CORS is_valid_origin localhost_aliases erweiterte Rechte]
Punkte20

ZurückÜbersichtWeiter

Do you want to use VulDB in your project?

Use the official API to access entries easily!