ГлавнаяУязвимости → CVE-2024-39236
9.8критическая

CVE-2024-39236

Описание

Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.

Затрагиваемое ПО
Gradio project Gradio
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/Aaron911/PoC/blob/main/Gradio.mdhttps://github.com/advisories/GHSA-9v2f-6vcg-3hgvhttps://github.com/gradio-app/gradio/issues/8853https://github.com/Aaron911/PoC/blob/main/Gradio.mdhttps://github.com/advisories/GHSA-9v2f-6vcg-3hgvhttps://github.com/gradio-app/gradio/issues/8853