PT-2024-25942 · Gradio · Gradio
| Published | 2024-05-05 |
| Updated | 2024-05-14 |
| CVE | CVE-2024-34511 |
| CVSS v3.1 | 6.5 (Medium) |
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Gradio versions prior to 4.13
Description
The Component Server in Gradio does not properly take the `is_server_fn` marker into account when dispatching function calls. Function calls that ignore `is_server_fn` can therefore expose the application to security risks.
Recommendations
For Gradio versions prior to 4.13, update to version 4.13 or later to resolve the issue. As a temporary workaround, ensure that every function call dispatched by the Component Server checks the `is_server_fn` marker, to minimize the risk of exploitation.
Fix
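The following is an added illustration of the mitigation pattern the recommendation describes; it was written for this page and is not Gradio's own code or its 4.13 patch. It assumes a generic reflective dispatcher that resolves a function by name on a component object, uses `is_server_fn` as the marker attribute name (taken from the advisory text; Gradio's internal attribute name is not confirmed here), and places the unchecked dispatch beside the gated version so the difference in behaviour is visible:

```python
"""Hypothetical component-server dispatch, gated by an explicit marker.

Illustration written for this advisory page; not Gradio's implementation.
"""
from __future__ import annotations

from typing import Any, Callable

# Assumed marker name, following the advisory text (not verified against Gradio).
SERVER_FN_ATTR = "is_server_fn"


def server(fn: Callable[..., Any]) -> Callable[..., Any]:
    """Decorator: mark a method as intentionally reachable from the server endpoint."""
    setattr(fn, SERVER_FN_ATTR, True)
    return fn


class Component:
    """Constructed stand-in for a UI component with one exposed and one internal method."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.label = "default"

    @server
    def suggestions(self, prefix: str) -> list[str]:
        """Deliberately exposed helper (e.g. autocomplete data for the front end)."""
        return [w for w in ("alpha", "beta", "gamma") if w.startswith(prefix)]

    def update_label(self, value: str) -> str:
        """Internal state mutation; never meant to be callable over the network."""
        self.label = value
        return self.label


def dispatch_unchecked(component: Component, fn_name: str, *args: Any) -> Any:
    """Vulnerable pattern: any attribute found by name is called, marker ignored."""
    fn = getattr(component, fn_name, None)
    if fn is None or not callable(fn):
        raise ValueError(f"unknown function {fn_name!r}")
    return fn(*args)


def dispatch_checked(component: Component, fn_name: str, *args: Any) -> Any:
    """Hardened pattern: only methods carrying the marker may be invoked.

    Bound methods forward attribute lookups to the underlying function, so the
    attribute set by the @server decorator is visible here.
    """
    fn = getattr(component, fn_name, None)
    if fn is None or not callable(fn) or not getattr(fn, SERVER_FN_ATTR, False):
        raise PermissionError(f"{fn_name!r} is not an exposed server function")
    return fn(*args)


def demo() -> dict[str, object]:
    """Run both dispatchers against the same constructed requests and report results."""
    comp = Component("demo")
    out: dict[str, object] = {}
    # The exposed method works through the gated dispatcher.
    out["exposed_ok"] = dispatch_checked(comp, "suggestions", "be")
    # The unchecked dispatcher reaches the internal method: this is the bug class.
    out["unchecked_reaches_internal"] = dispatch_unchecked(comp, "update_label", "tampered")
    # The gated dispatcher refuses the same request.
    try:
        dispatch_checked(comp, "update_label", "tampered-again")
        out["checked_blocks_internal"] = False
    except PermissionError:
        out["checked_blocks_internal"] = True
    out["label_after"] = comp.label
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The essential point is that the marker is checked on the function actually resolved from the request, not merely declared somewhere else; a dispatcher that resolves by name and calls the result has to enforce the allow-list at that exact step. A stricter variant would collect the marked methods per class at definition time and look the request up in that set, so that unexpected attributes are never resolved at all.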
Related Identifiers
Affected Products
Gradio